Watch out for these fake job offers on LinkedIn – they could lead to malware

By Mobile Malls, March 13, 2023

A North Korean hacking group is believed to be behind a new malware campaign that uses fake job offers on LinkedIn to lure its victims. The group is posting fake job offers in the media, tech and defense industries under the guise of legitimate recruiters. In one advert they even impersonated the New York Times.

Threat intelligence firm Mandiant found that the campaign has been running since June 2022. It believes it is related to another North Korean malware campaign, "Operation Dream Job", carried out by the notorious Lazarus group, which breaches the systems of cryptocurrency users.

Phishing for victims

Mandiant, for its part, believes the new campaign is the work of a separate group from Lazarus, and that it is unique in that the TouchMove, SideShow and TouchShift malware used in the attacks had never been seen before.

After a user responds to the LinkedIn job offer, the hackers move the conversation to WhatsApp, where they share a Word document containing malicious macros. The macros install a trojan fetched from WordPress sites that the hackers have compromised and use as their command-and-control infrastructure.

This trojan, based on TightVNC and known as LidShift, in turn loads a malicious Notepad++ plugin that downloads malware called LidShot, which then deploys the final payload on the machine: the PlankWalk backdoor.

After this, the hackers use a malware dropper called TouchShift, hidden in a Windows binary file.
TouchShift loads a plethora of further malicious components, including TouchShot and TouchKey, a screenshot utility and a keylogger respectively, as well as a loader called TouchMove. It also loads another backdoor called SideShow, which gives the attackers high-level control over the host, including the ability to edit the registry, change firewall settings and execute further payloads.

The hackers also used the CloudBurst malware against companies that did not use a VPN, by abusing the endpoint management service Microsoft Intune.

In addition, the hackers exploited a zero-day flaw in the ASUS driver "Driver7.sys", which another payload, called LightShow, uses to patch kernel routines in endpoint protection software and so evade detection. This flaw has since been patched.
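The chain described above starts with a macro-laden Word document handed over on WhatsApp. The following is an added example (not code from the article or from Mandiant's report) of a triage check an analyst script or mail gateway could run on such an attachment: it treats a modern Word file as the OOXML zip package it is and flags a VBA project regardless of the file extension, so a macro-enabled document renamed to .docx is still caught. The sample packages are constructed in memory and are not real lures; the names inspect_ooxml, has_macros, triage and build_sample are chosen here.

```python
import io
import zipfile

# In an OOXML package the compiled VBA project lives in this part, and the
# main document part is declared with a macro-enabled content type.
MACRO_PART = "word/vbaProject.bin"
MACRO_CONTENT_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CONTENT_TYPE = (
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
)


def inspect_ooxml(data: bytes) -> dict:
    """Return macro indicators for a Word file given as bytes.

    Two independent signals are checked: the presence of the vbaProject.bin
    part, and a macro-enabled content type in [Content_Types].xml. Either one
    alone is enough to treat the file as macro-capable.
    """
    result = {"is_zip": False, "has_vba_part": False, "macro_content_type": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Legacy .doc files are OLE2 containers, not zips; they need a
        # different parser (e.g. oletools) and are reported separately.
        return result
    result["is_zip"] = True
    names = set(zf.namelist())
    result["has_vba_part"] = MACRO_PART in names
    if "[Content_Types].xml" in names:
        content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        result["macro_content_type"] = MACRO_CONTENT_TYPE in content_types
    return result


def has_macros(data: bytes) -> bool:
    r = inspect_ooxml(data)
    return r["has_vba_part"] or r["macro_content_type"]


def triage(filename: str, data: bytes) -> str:
    """Verdict string for one attachment; the extension is never trusted."""
    r = inspect_ooxml(data)
    if not r["is_zip"]:
        return "not an OOXML package (legacy OLE2 or other format; inspect separately)"
    if not (r["has_vba_part"] or r["macro_content_type"]):
        return "no VBA project found"
    if filename.lower().endswith((".docm", ".dotm")):
        return "macro-enabled document"
    return "macro-enabled document with misleading extension"


def build_sample(macro: bool) -> bytes:
    """Constructed minimal OOXML package for testing (not a real document)."""
    main_ct = MACRO_CONTENT_TYPE if macro else PLAIN_CONTENT_TYPE
    overrides = f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
    if macro:
        overrides += (
            '<Override PartName="/word/vbaProject.bin" '
            'ContentType="application/vnd.ms-office.vbaProject"/>'
        )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        + overrides + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            # Stub OLE2 header standing in for a compiled VBA project.
            zf.writestr(MACRO_PART, b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [
        ("job_offer.docx", build_sample(macro=True)),   # renamed .docm
        ("job_offer.docm", build_sample(macro=True)),
        ("job_offer.docx", build_sample(macro=False)),
        ("job_offer.doc", b"\xd0\xcf\x11\xe0"),          # legacy OLE2 stub
    ]:
        print(f"{name}: {triage(name, blob)}")
```

The check only answers "is there a VBA project in this file", not whether the macros are malicious; that is deliberate, since in a recruiter-to-candidate exchange there is no legitimate reason for a macro-enabled document at all, and blocking or sandboxing on presence alone is the cheaper control. Files that are not zip packages are reported rather than silently passed, because the legacy binary .doc format can carry macros too.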