Got a job offer on LinkedIn? Beware it could be malware instead

The fake LinkedIn job offer infects the user's device with malware.

Highlights
  • Hackers spreading these fake job offers are connected to a group called ‘Golden Chickens’.
  • The job offers come attached with malware packaged in .zip files and are forwarded to job seekers’ inboxes
  • A backdoor called ‘more_eggs’ is then installed on the user’s device, which helps hackers run other malicious programs and steal data.

Unsuspecting LinkedIn job seekers are falling prey to hackers who are sending fake job offers that can end up stealing users’ data. Due to the ongoing pandemic, people have lost their jobs and are turning to platforms like LinkedIn to look for new offers. It seems that hackers are taking advantage of this to steal the personal data of unwitting job seekers. According to a new report by eSentire, a cybersecurity firm, a bunch of hackers going by the group name ‘Golden Chickens’ are behind this.

LinkedIn fake job offer scam

The LinkedIn fake job offer scam has been detailed by the report by eSentire. Hackers bait the users by sending a message to their inbox. The message consists of a link that’s masked by a job position. For example, if the LinkedIn user’s current job is an Account manager at a company, then the link will say ‘Account Manager – (Company Name) position’. When the users open the link, a backdoor trojan called more_eggs will automatically be installed on the user’s device. 

This ‘more_eggs’ trojan is a tool that will allow these hackers to install worse malware on the user’s system. Things such as ransomware, credential stealers, and other malware could be installed with ease. The hackers will then gain access to private information of the user. The Golden Chicken hacker group apparently isn’t stealing data themselves, instead, other hackers can purchase the malware and start an attack on unsuspecting job seekers. 

The best way to not get caught in such scams is to make sure that you don’t click on such sketchy links received via direct message. These job offers could also have some spelling mistakes or will be too good to be true. LinkedIn responded to a comment by Gizmodo and stated that the safety of its users is of utmost priority. The company makes sure that the recruiter and the jobs on the app/website are real. Fake accounts and other fraudulent activities are blocked from the site.