Hackers Are Using LinkedIn DMs and PDF Tools to Deploy Trojans

ReliaQuest Threat Research has identified a new phishing campaign on LinkedIn that tricks professionals into downloading malicious files. Using DLL side-loading, attackers hide viruses inside legitimate PDF readers and Python scripts to bypass security.

Cybersecurity researchers at ReliaQuest have discovered a shift in how hackers are breaking into corporate networks. In a report authored by researcher Emily Jia, it was revealed that attackers are now bypassing email filters and heading straight for LinkedIn private messages to trick high-value employees.

Building Trust to Deploy Trojans

According to the investigation from the ReliaQuest Threat Research unit, this attack doesn’t start with a computer virus, but with a conversation. The hackers spend time talking to people in high-level roles to build a sense of trust. Once the target feels comfortable, the attacker “deceives them into downloading a malicious WinRAR self-extracting archive, which is basically a digital folder that automatically opens itself, researchers ...