A new LinkedIn phishing scam is targeting executives online - make sure you don't fall for this

• Sophisticated LinkedIn phishing uses fake job ads to target executives
• Attacks employ DLL sideloading and Python tools to install remote access trojans
• ReliaQuest warns phishing extends beyond email, exploiting overlooked social media platforms

Business executives and IT admins are being targeted by a highly sophisticated phishing attack which doesn’t happen in the email inbox but rather - on LinkedIn.

Security researchers ReliaQuest said they saw a new attack that combines legitimate Python pentesting projects, DLL sideloading, and fake job ads, to infect “high-value targets” with remote access trojans (RAT).

As per ReliaQuest’s report, the victims are carefully chosen and reached out with an invitation to a business project or a job. The LinkedIn message comes with a download link which, if clicked, downloads a WinRAR self-extracting archive (SFX). The filename is usually tailored to the victim’s role, such as a product roadmap or project ...