**A New LinkedIn Phishing Scam Targets Executives Online: Be Aware of the Latest Threat**
Phishing scams have become a common occurrence in today's digital landscape, but a new threat has emerged that targets business executives and IT administrators on the popular professional networking platform, LinkedIn.
The highly sophisticated phishing attack, revealed by security researchers at ReliaQuest, combines legitimate Python pentesting projects, DLL sideloading, and fake job ads to infect high-value targets with remote access trojans (RATs).
**The Attack: A Step-by-Step Breakdown**
According to ReliaQuest's report, the victims are carefully chosen and contacted with an invitation to a business project or a job. The LinkedIn message contains a download link that, if clicked, downloads a WinRAR self-extracting archive (SFX).
The filename is usually tailored to the victim's role, such as a product roadmap or project plan. When the victim opens the archive, it automatically extracts several files to the same folder, making the package look legitimate.
The victim then launches the PDF reader that's included in the archive, believing they are opening a normal document. This reader then loads a malicious DLL that was also included in the archive. This method, known as DLL sideloading, executes the attacker's code without raising immediate security alerts.
**How the Malware Communicates with Command-and-Control Servers**
The malicious DLL adds a Windows registry "Run" key to establish persistence and then runs a portable Python interpreter that was also included in the archive. The interpreter runs a Base64-encoded, open-source hacking tool directly in memory.
In turn, the malware begins communicating with a command-and-control server, which is standard behavior for remote access trojans. ReliaQuest warns that this campaign serves as a reminder that phishing isn't confined to email inboxes and highlights the importance of considering alternative channels like social media platforms in security strategies.
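The chain described above (a binary in a user-writable folder sideloading a DLL, a "Run" key write, then a bundled Python interpreter) can be hunted for by correlating endpoint telemetry. The following is an added example, not code from ReliaQuest's report; the Sysmon-style event fields, paths, and file names are constructed assumptions.

```python
from collections import defaultdict
from ntpath import dirname, basename

# Constructed, Sysmon-style events (IDs 1 = process create, 7 = image load,
# 13 = registry value set). All paths and file names are made up.
EVENTS = [
    {"id": 7, "image": r"C:\Users\cfo\Downloads\Roadmap\reader.exe",
     "loaded": r"C:\Users\cfo\Downloads\Roadmap\helper.dll", "signed": False},
    {"id": 13, "image": r"C:\Users\cfo\Downloads\Roadmap\reader.exe",
     "target": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"id": 1, "image": r"C:\Users\cfo\Downloads\Roadmap\python\python.exe",
     "parent": r"C:\Users\cfo\Downloads\Roadmap\reader.exe"},
    # Benign: installed reader loading its own signed DLL from Program Files.
    {"id": 7, "image": r"C:\Program Files\Reader\reader.exe",
     "loaded": r"C:\Program Files\Reader\core.dll", "signed": True},
    # Benign: developer's installed Python started from a shell.
    {"id": 1, "image": r"C:\Program Files\Python312\python.exe",
     "parent": r"C:\Windows\System32\cmd.exe"},
]

USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"

def user_writable(path):
    return any(part in path.lower() for part in USER_WRITABLE)

def find_sideload_chains(events):
    """Return {exe_path: sorted signals} for executables in user-writable
    folders that show all three behaviours described in the article."""
    signals = defaultdict(set)
    for e in events:
        exe = e["image"]
        if e["id"] == 7 and user_writable(exe):
            # Unsigned DLL loaded from the executable's own folder.
            same_dir = dirname(e["loaded"]).lower() == dirname(exe).lower()
            if same_dir and not e["signed"]:
                signals[exe].add("sideload")
        elif e["id"] == 13 and user_writable(exe) and RUN_KEY in e["target"].lower():
            signals[exe].add("run_key")
        elif e["id"] == 1 and basename(exe).lower().startswith("python"):
            # Interpreter outside an install path, spawned by a user-folder binary.
            if user_writable(exe) and user_writable(e["parent"]):
                signals[e["parent"]].add("portable_python")
    return {exe: sorted(s) for exe, s in signals.items() if len(s) == 3}
```

Requiring all three signals on the same executable keeps installed PDF readers and developer Python installs out of the results, which any single signal on its own would not.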
**Protect Yourself from This Attack**
ReliaQuest emphasizes that social media platforms, especially those frequently accessed on corporate devices, provide attackers with direct access to high-value targets like executives and IT administrators.
To avoid falling victim to this phishing scam, it's essential to remain cautious when receiving LinkedIn messages, even if they appear to come from trusted sources. Verify the authenticity of any links or attachments before clicking or downloading them.
ReliaQuest advises organizations to include social media platforms in their security strategies and to educate employees on how to recognize and report suspicious activity.