Cybersecurity researchers have identified a phishing campaign on LinkedIn targeting high-value individuals. The attackers first build rapport through direct messages, then trick victims into downloading a malicious WinRAR self-extracting archive (SFX). The archive bundles several components, among them a legitimate PDF reader executable that is abused for DLL sideloading: a malicious DLL carrying the name of a library the reader expects to import is placed beside it, so the trusted, and typically signed, reader process loads and runs the attacker's code under its own name.
The sideloaded DLL then drops a Python interpreter, which decodes Base64-encoded shellcode and executes it directly in memory, so the final payload is never written to disk as a file of its own. This gives the attackers persistence and remote access while keeping the on-disk forensic footprint small. Note that only that last stage is memory-resident: the SFX, the PDF reader, the malicious DLL and the dropped interpreter are all written to disk, so image-load and process-creation telemetry still records the chain. The campaign also illustrates a growing trend of using social media rather than email as the delivery channel for targeted phishing.
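The chain leaves two observable pivots that a detection engineer can key on: a well-known system DLL name being loaded from a user-writable directory (the sideload), and a Python interpreter that lives in a drop directory and is launched with an inline Base64 blob (the in-memory shellcode stage). The following is an added example written for this page, not code from the researchers or from the report; it runs those heuristics over constructed Sysmon-style events (EventID 7 = image load, EventID 1 = process create). The drop path, the reader's file name, the DLL list and the sample shellcode bytes are all assumptions made for illustration.

```python
"""Added example: detection heuristics for a PDF-reader DLL sideload followed by
a dropped Python interpreter decoding shellcode inline. Telemetry is constructed."""
import base64
import ntpath
import re

# DLL names that common Windows executables import by name and that are
# therefore frequent sideloading targets. Illustrative subset, not exhaustive.
COMMONLY_SIDELOADED = {"version.dll", "cryptbase.dll", "dwmapi.dll",
                       "userenv.dll", "wtsapi32.dll", "profapi.dll"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
PYTHON_IMAGES = {"python.exe", "pythonw.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")
# python -c "...b64decode('<blob>')..."; the blob must be long enough to be a payload
B64_CALL = re.compile(r"b64decode\(\s*['\"]([A-Za-z0-9+/=]{16,})['\"]\s*\)")


def _base(p):
    return ntpath.basename(p).lower()


def _dir(p):
    return ntpath.dirname(p).lower()


def is_sideload(ev):
    """EventID 7: a system-DLL name loaded from anywhere but the system directories."""
    if ev.get("EventID") != 7:
        return False
    dll = ev["ImageLoaded"]
    return _base(dll) in COMMONLY_SIDELOADED and not _dir(dll).startswith(SYSTEM_DIRS)


def python_from_user_writable(ev):
    """EventID 1: an interpreter that was dropped into a user-writable path, not installed."""
    return (ev.get("EventID") == 1 and _base(ev["Image"]) in PYTHON_IMAGES
            and any(marker in ev["Image"].lower() for marker in USER_WRITABLE))


def extract_b64_payload(cmdline):
    """Return the decoded bytes of an inline b64decode('...') argument, or None."""
    m = B64_CALL.search(cmdline or "")
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True)
    except ValueError:
        return None


def looks_binary(blob):
    """Shellcode is opaque machine code; a decoded script would be printable text."""
    return any(b < 0x09 or b > 0x7E for b in blob)


def detect(events):
    """Run all heuristics; returns (rule, image, detail) tuples in event order."""
    hits = []
    for ev in events:
        if is_sideload(ev):
            hits.append(("dll_sideload", ev["Image"], ev["ImageLoaded"]))
        if python_from_user_writable(ev):
            hits.append(("python_user_writable", ev["Image"], ev.get("ParentImage")))
        if ev.get("EventID") == 1 and _base(ev["Image"]) in PYTHON_IMAGES:
            blob = extract_b64_payload(ev.get("CommandLine"))
            if blob and looks_binary(blob):
                hits.append(("python_inline_b64", ev["Image"], len(blob)))
    return hits


# Constructed sample telemetry (hypothetical host, paths and payload bytes).
DROP_DIR = r"C:\Users\victim\AppData\Local\Temp\Offer"
SAMPLE_SHELLCODE = bytes.fromhex("fc4883e4f0e8c0000000415141505251564831d2")
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": DROP_DIR + r"\reader.exe",
     "ImageLoaded": DROP_DIR + r"\version.dll"},            # sideload
    {"EventID": 7, "Image": DROP_DIR + r"\reader.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},   # benign load
    {"EventID": 1, "Image": DROP_DIR + r"\py\pythonw.exe",
     "ParentImage": DROP_DIR + r"\reader.exe",
     "CommandLine": "pythonw.exe -c \"import base64;buf=base64.b64decode('"
                    + base64.b64encode(SAMPLE_SHELLCODE).decode() + "')\""},
    {"EventID": 1, "Image": r"C:\Python312\python.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "python.exe build.py"},                  # developer use
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

The third rule is the weakest on its own, because a Base64 argument to python may just be a packed script; requiring the decoded bytes to be non-printable, and pairing the hit with the interpreter sitting in a temp or AppData path and having a document reader as its parent, is what lifts it above developer noise. Real shellcode may also be staged from a file or a network fetch rather than the command line, so treat the inline-blob rule as one signal among the three rather than the detection.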