Friday, March 5, 2021

The new "LinkedInSecureMessage"​ ?


Image of a stage 1 malware, from a pdf in a inkedin mail phishing message


With all the talk of secure messenger applications lately, I bet you’d like to have just one more, right? In the past few weeks, we’ve noticed a new variant on a typical cred-stealer, in this case offering itself up as a new, secure messaging format used right here on the career website LinkedIn.

There’s only one problem with this… there is no such thing as a “LinkedIn Private Shared Document”.

Not Quite Secure

Victims will receive an ordinary message, likely from someone which they already are connected with. These are not from the more recent, unsolicited “InMail” feature, but a regular, internal “Message” on LinkedIn. There is nothing interesting about the message, although it contains a 3rd-party link, claiming to be a “LinkedInSecureMessage” which serves up the nice-looking pdf file shown above.

If you click “VIEW DOCUMENT,” it opens up a convincing LinkedIn login page. ...


...this diary was published on the Internet Storm Center website, read the complete article at:

https://isc.sans.edu/forums/diary/The+new+LinkedInSecureMessage/27110/


Labels: , , , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

The new "LinkedInSecureMessage"​ ?

With all the talk of secure messenger applications lately, I bet you’d like to have just one more, right? In the past few weeks, we’ve noti...

Follow by RSS

Loading...