Hackers Target Social Media Users With Dangerous New Malware

Many western media outlets, government agencies, and cybersecurity companies report that foreign state-sponsored hacking groups are undertaking large phishing campaigns via LinkedIn, WhatsApp, Facebook and other applications, targeting individuals in organizations with the goal to install Trojan malware onto their networks. This cyberespionage activity is targeting organizations in all sectors, with advanced social engineering based around fake social media personas.

The bogus messages' general subjects include invitations to join a professional network, job offers, or other plausible information such a supplier to the business, making the message appear legitimate, while it contains URLs which lead to documents that, when opened, install remote access Trojans which can infiltrate computers and phones operating systems to give the hacker full access to the victim's system. In many reported cases, the infected software allowing hackers to control the phones’ cameras and microphones remotely, meaning hackers being able to film and listen to conversations without the victim being aware their phones had been hacked.

Who should be concerned?

Any company or agency with more than few tens of employees is at risk for this kind of stealth attacks.

What’s an organization to do?

You should acknowledge the dangers of such highly-sophisticated cyberattack operations, and make your employees aware of the risks of connecting to unknown social media accounts, as they might not be who they really claim, but instead a hacker looking to compromise and manipulate their profile and actions. In short, always make sure you and they connect with people who are known or can be trusted. And if you see something, say something. Report suspicious activity to law enforcement, and share with the community online before it becomes a full-blown attack.