Skip to Content
© Anyaberkut | Dreamstime.com
Security & privacy

Think twice before you click that job offer – It may be hiding malware

Millions of Americans have lost their jobs since the start of the pandemic. Online recruitment platforms have seen record numbers of applications, making competition for finding work fierce. Hiring or looking for a job? Upgrade your LinkedIn profile to stand out.

Desperate to find a source of income, many have dropped their guard and fallen prey to job-related scams. After months of sending out applications, it is a good feeling to receive a solid offer. The last thing you would expect is to receive is malware disguised as a job offer.

But that is exactly what has been happening to job seekers recently. Keep reading to find out how this nasty scam works and what to watch for to stay protected.

Here’s the backstory

A cybercrime ring is targeting job seekers and sending them malware hidden inside employment offers. Security company eSentire detailed how the attackers send Trojan malware inside phishing messages to steal victims’ details and even take control of their device.

Hackers are going through LinkedIn profiles and targeting victims with fake job offers similar to their current positions. For example, if your profile shows that you are a loan and mortgage officer, you will receive a loan and mortgage officer job offer.

The offer will include a zip file that is supposedly a full description of the position being offered.

But do not open the zip file! It’s packed with malware. If you open the zip file, it will execute the malware and your device will be infected. The hacker group behind it goes by Golden Chickens, and the payload is a backdoor Trojan dubbed more_eggs.

“Once loaded, the sophisticated backdoor can download additional malicious plugins and provide hands-on access to the victim’s computer. The threat group behind it sells the backdoor under a malware-as-a-service(MaaS) arrangement to other cybercriminals,” eSentire explained in a blog post.

What can you do about it?

The first step to staying safe is to never open attachments from strangers in unsolicited messages or emails. And be cautious if a contact randomly sends you a message with an attachment without an explanation. Their account could have been breached.

LinkedIn has been made aware of the ongoing attacks and stressed that when applying for a position, make sure the recruiter is who they say. As for what’s being done to stop the attacks, LinkedIn said systems are in place to minimize the risks.

“We don’t allow fraudulent activity anywhere on LinkedIn. We use automated and manual defenses to detect and address fake accounts or fraudulent payments. Any accounts or job posts that violate our policies are blocked from the site,” LinkedIn explained.

Here are more tips on how to stay safe from phishing attacks:

  • Be cautious – Don’t click links or open attachments found inside unsolicited messages or emails. They could be malicious and infect your device with malware.
  • Know who you’re dealing with – Research companies before applying for a job. Make sure the company you are applying to is real.
  • Safeguard personal information – Don’t give out any personal information to people you don’t know.
  • Watch for grammatical errors – Cybercriminals are getting better at spelling and grammar but keep an eye out for these types of mistakes. Real companies will not send official correspondence with spelling and grammar errors.

Full disclosure: LinkedIn is a sponsor of The Kim Komando Show. The platform is a great resource for finding a new career, or if you own a business, finding new talented employees.

Are you hiring? Go to LinkedIn.com/Kim now and post a job for free.

Keep reading

How cybercrooks are using your LinkedIn profile to steal your info

5 smart things you should be doing with your LinkedIn profile

Komando.com App background

Check out the free Komando.com App!

Get the latest tech updates and breaking news on the go, straight to your phone, with the Komando.com App, available in the Apple Store and Google Play Store.

Download Now