Bad news - these fake LinkedIn job offers are just pushing malware, so don’t get your hopes up

No, you’re not Corsair’s next social media manager

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Hackers are targeting social media managers in the US, the UK, and India with info-stealingmalware. The goal of the campaign is to gain access to their Facebook business accounts, through which they can later launch malicious advertising campaigns on the social media platform.

The campaign was spotted by cybersecurity researchers from WithSecure, who found the scammers, thought to be from Vietnam, are impersonating Corsair, a well-known American computer peripherals and hardware company, on LinkedIn. There, they have created a fake job ad for a social media management position at the company, and are using it to push a couple of documents to the victims.

One of the documents holds a VBS script which, if executed, will deliver either the RedLine Infostealer, or DarkGate, further down the line.

Fake jobs is an old trick

Gaining access to the victims’ social media accounts also gives them access to the credit cards linked to the accounts. That way, they can create - and pay for - various ads on the platform that has almost three billion monthly active users. These ads will, almost always, lead to a malicious site or promote malware in one way or another.

Fake job offers on LinkedIn are nothing new. North Korean threat actor Lazarus Group gained infamy by setting up fake job offers to lure in blockchain developers. In one such instance, cybersecurity researchers from Malwarebytes discovered a campaign in which Lazarus assumed the identity of Coinbase, one of the world’s biggest and most popular cryptocurrency exchanges.

The criminals reached out to blockchain developers with a job offer for the role of “Engineering Manager, Product Security", and even conducted a few interviews, to make the whole campaign more believable. At one point, however, the attackers shared a file, seemingly a PDF, but in fact - malware.

Lazarus Group stole hundreds of millions of dollars in cryptocurrencies this way, throughout the years.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Belkin’s Travel Bag for Vision Pro has pockets and is way cheaper than Apple’s own case