Based on reporting by The Hacker News.

Cybersecurity researchers have uncovered a malware campaign in which attackers abuse LinkedIn private messages to deliver malicious archives that ultimately install remote access trojans (RATs) on victim systems.

The campaign relies on social engineering, targeting professionals with convincing messages that appear to reference job opportunities, business documents, or shared resources.

How the Attack Works

Victims receive a LinkedIn message containing a compressed archive, often disguised as a legitimate file. When extracted and executed, the archive leverages a technique known as DLL sideloading to run malicious code alongside trusted software components.

By abusing legitimate binaries and open-source tools, the malware is able to evade detection while installing a persistent backdoor that grants attackers remote control over the compromised system.
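As an added triage example (not code from the original report or from the researchers), the Python below inspects a received ZIP archive for the layout that DLL sideloading depends on: an executable shipped in the same folder as one or more DLLs. The list of DLL names, the file names and the sample archive are constructed assumptions, and a match is a reason for review rather than proof of malice, since legitimate portable software is packaged the same way.

```python
import io
import zipfile
from collections import defaultdict
from pathlib import PurePosixPath

# Illustrative subset (assumption): DLLs that normally load from System32,
# so a copy shipped beside an EXE deserves a closer look.
SYSTEM_DLL_NAMES = {"version.dll", "winmm.dll", "dbghelp.dll", "userenv.dll"}

def sideload_candidates(archive_bytes):
    """Return one finding per archive folder that pairs an EXE with DLLs."""
    by_dir = defaultdict(lambda: {"exe": [], "dll": []})
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Normalise Windows-style separators before splitting the path.
            path = PurePosixPath(info.filename.replace("\\", "/"))
            ext = path.suffix.lower().lstrip(".")
            if ext in ("exe", "dll"):
                by_dir[str(path.parent)][ext].append(path.name)
    findings = []
    for folder, files in sorted(by_dir.items()):
        if files["exe"] and files["dll"]:
            shadowed = sorted(d for d in files["dll"] if d.lower() in SYSTEM_DLL_NAMES)
            findings.append({
                "folder": folder,
                "executables": sorted(files["exe"]),
                "dlls": sorted(files["dll"]),
                "shadows_system_dll": shadowed,
                "severity": "high" if shadowed else "review",
            })
    return findings

def build_sample_archive():
    """Constructed sample: placeholder bytes only, no real binaries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Project_Brief/viewer.exe", b"placeholder")
        zf.writestr("Project_Brief/version.dll", b"placeholder")
        zf.writestr("Project_Brief/readme.txt", b"placeholder")
        zf.writestr("docs/notes.pdf", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in sideload_candidates(build_sample_archive()):
        print(finding)
```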

Who Is Being Targeted

According to researchers, the campaign primarily targets executives, IT administrators, and professionals with elevated access inside organizations, making successful infections especially valuable to attackers.

Why LinkedIn Is Attractive to Attackers

LinkedIn’s professional environment and built-in messaging system create a sense of trust that attackers can exploit. Unlike email, LinkedIn messages may bypass traditional security filters, increasing the likelihood that malicious content reaches victims.

Staying Safe

Security experts advise users to treat unsolicited attachments or links received via LinkedIn with the same caution as email phishing attempts. Verifying the sender and avoiding the execution of unknown files remain critical defenses.

Original source: The Hacker News – LinkedIn Malware Campaign