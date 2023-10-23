Cybersecurity researchers have identified a new campaign targeting social media managers in the US, UK, and India. The goal of this campaign is to gain unauthorized access to their Facebook business accounts, which can later be used to launch malicious advertising campaigns. Hackers, believed to be from Vietnam, are impersonating a well-known American computer peripherals company called Corsair on LinkedIn. They have created a fake job advertisement for a social media management position at the company, using it as a way to distribute malicious documents to their victims.

One of the documents contains a VBS script that, when executed, delivers either the RedLine Infostealer or DarkGate malware. By gaining access to the victims’ social media accounts, the hackers are also able to access the credit cards linked to those accounts. This allows them to create and pay for malicious advertisements on the platform, which has nearly three billion monthly active users. These ads typically lead to malicious websites or promote malware.

This tactic of using fake job offers to deceive victims is not new. The Lazarus Group, a North Korean threat actor, previously used this method to lure in blockchain developers. They would assume the identity of well-known companies, such as Coinbase, and share malware disguised as PDF files during the interview process. This allowed them to steal hundreds of millions of dollars in cryptocurrencies over the years.

To protect themselves from such attacks, social media managers and job seekers should be cautious when interacting with unknown individuals or companies online. They should verify the legitimacy of any job offers they receive and avoid opening suspicious files or executing unknown scripts. Additionally, regular antivirus scans and keeping software up to date can help mitigate the risk of malware infections.

Sources: WithSecure, BleepingComputer, TechRadar Pro