As more and more tech companies lay off employees, many of those workers are turning to Microsoft's business social network LinkedIn to try to find a new job. However, it looks like a hacking group is taking advantage of this situation and is posting fake LinkedIn job listings in an attempt to deliver malware to unsuspecting users.
The security firm Mandiant published a blog post about this activity, which it attributes to a North Korean group it has labeled "UNC2970". Mandiant says the group has previously conducted phishing campaigns via email, using offers of jobs. However, the firm now says UNC2970 is posting fake job listings directly on LinkedIn that look like real offers from real companies. It states:
UNC2970 uses these accounts to socially engineer targets into engaging over WhatsApp, where UNC2970 will then deliver a phishing payload either to a target’s email, or directly over WhatsApp.
The group uses the PLANKWALK backdoor to deliver its software package. The malware that is eventually delivered is called "TouchShift" and can distribute other malicious programs, such as the screenshot program TouchShot and the keystroke logger TouchKey. Microsoft has yet to comment on these alleged fake, malware-delivering LinkedIn accounts.
Source: Mandiant