Summary
A malware campaign on LinkedIn impersonates known brands to deliver info-stealers through hijacked accounts, Google Forms, and bloated ZIP files. The attack targets session cookies and credentials to bypass MFA and gain persistent access to corporate and personal accounts.
Take Action:
Never trust unexpected social media and messenger messages, even from people you know. Hijacked accounts are how this scam spreads. Don't rush, don't fill out forms from strangers, and NEVER download or run executable files (.exe) sent by a "recruiter". Legitimate companies never send EXEs to job candidates.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)