LinkedIn is among the social media platforms most heavily targeted in phishing campaigns.
As a popular spot for the corporate world, it makes sense that bad actors prioritize their attacks on it.
Let’s see how a Trojan recently targeted its users and how data from 500 million users got leaked.
Golden Chickens more_eggs Trojan
The threat group “Golden Chickens” was behind the biggest spear-phishing campaign (fake job offers targeted at LinkedIn users) occurring this month.
It consisted of emails that tricked victims into clicking a .ZIP file named after the victim’s current job title, making it appear legitimate. Once downloaded, the “more_eggs” trojan began by opening access to the system and fetching additional types of malware, if desired.
Alternatively, the “more_eggs” threat was sold to other hackers as malware-as-a-service.
Groups like Evilnum have also used this malware to attack fintech companies and steal customer lists, trading credentials, and valuable spreadsheets. In this case, the victims were employees with access to extremely sensitive data.
In the case of FIN6 (financial threat gang), it was used to target e-com stores, as well as retail, entertainment, and pharma companies’ POS in 2019.
Three particular aspects made the more_eggs trojan seem like a “formidable threat to business and business professionals.”
First of all, it avoids antivirus protection.
Second, it looked genuine enough for job hunters to feel enticed to click on it.
So, the same old thing happened…
Data From 500 Million LinkedIn Users Leaked Online
Although the number doesn’t correspond entirely to the previously mentioned backdoor trojan, soon after, 500 million LinkedIn users had their data posted for sale online on a popular hacker forum: LinkedIn IDs, names, email addresses, phone numbers, etc.
Hackers leaked records of 2 million people as a sample for proof of concept. These can be seen by users for $2 worth of forum credits. But the real attraction (the whole 500-million-user database) was being auctioned for a four-digit Bitcoin equivalent.
This incident follows a similar one involving 533 million Facebook users from last weekend.
Despite what many thought, neither event happened due to a system breach; both came from data scrapers. LinkedIn officials confirmed on Thursday:
“We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is an aggregation of data from a number of websites and companies” that includes “publicly viewable member-profile data that appears to have been scraped from LinkedIn.
“This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.”
For that reason, it’s still unclear at this time if LinkedIn will face trouble (such as a GDPR violation) for this incident. On the other hand, Facebook is facing an investigation by the IDPC (Ireland’s Data Protection Commission) over its leak.
Are you worried about this happening to you?
How to Avoid Being a LinkedIn Hacking Victim
It will be easier to avoid being a victim if you consider the causes of these two massive LinkedIn attacks:
- Trojan: You should always be careful of spear-phishing scams, as well as smishing and vishing. These can compromise your device and system, as well as those of others on your work network.
- Data Scraping: Hackers won’t be able to extract your valuable information if you don’t put it out there so publicly.
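
The lure described earlier, a .ZIP file named after the recipient's current job title, is something a mail gateway can check for. The sketch below is an added example, not taken from the original article or from any vendor's tooling; the directory mapping, addresses, stopword list, threshold and sample messages are all constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical HR directory: recipient address -> current job title (constructed data).
DIRECTORY = {"alex@example.com": "Senior Account Executive"}
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}
# Filler words ignored when comparing a file name with a job title (assumed list).
STOPWORDS = {"position", "job", "offer", "role", "the", "and", "of"}

def _tokens(text):
    """Lower-case word set with filler words removed."""
    return {t for t in re.split(r"[^a-z0-9]+", text.lower()) if t and t not in STOPWORDS}

def job_title_zip_lures(raw_message, directory=DIRECTORY, threshold=0.8):
    """Return [(recipient, filename)] for ZIP attachments named after a recipient's job title."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    recipients = [
        addr.addr_spec.lower()
        for hdr in ("to", "cc")
        for addr in getattr(msg[hdr], "addresses", ())  # header may be absent
    ]
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not (name.lower().endswith(".zip") or part.get_content_type() in ZIP_TYPES):
            continue
        name_tokens = _tokens(re.sub(r"\.zip$", "", name, flags=re.I))
        for rcpt in recipients:
            title_tokens = _tokens(directory.get(rcpt, ""))
            # Flag when most of the title's words appear in the archive name.
            if title_tokens and len(title_tokens & name_tokens) / len(title_tokens) >= threshold:
                hits.append((rcpt, name))
    return hits

def build_sample(filename):
    """Constructed test message with a tiny placeholder ZIP attachment."""
    msg = EmailMessage()
    msg["From"] = "recruiter@example.net"
    msg["To"] = "Alex <alex@example.com>"
    msg["Subject"] = "Job offer"
    msg.set_content("Please see the attached offer.")
    msg.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()
```

A hit is a reason to quarantine the message for review rather than proof of malice, since legitimate recruiters also attach role-named files.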