**As if LinkedIn Messages Couldn't Get Any Worse: Hackers Use Them to Install Malware on PCs**

In a new twist on phishing scams, hackers have been spotted using LinkedIn messages to install malware on people's computers. Researchers at ReliaQuest recently discovered a phishing scam that prompts users to download a seemingly innocuous file, which in reality contains malicious code.

The scam starts with a link sent via direct message (DM) on LinkedIn, with a name like "Upcoming_Products.pdf" attached. To make the download look legitimate, the hackers include an open-source PDF reader app that users are encouraged to install alongside the file. What they don't realize is that this download comes with a malicious DLL file hidden inside.

Here's where things get particularly insidious. The malware sideloads a Python interpreter onto the system, which creates a registry Run key. This allows the hacker to gain remote access to the user's computer, making it possible for them to extract sensitive information from the machine. All this happens without the victim even realizing their PC has been compromised.

ReliaQuest believes that the use of open-source tools as threat vectors is a new and particularly effective approach used by hackers. By including legitimate-looking files alongside malicious ones, they're able to establish trust with users and increase their chances of success. This tactic is especially appealing in corporate environments where professionals are more likely to click on links from trusted sources.

While this specific phishing scam was caught on LinkedIn, it's essential to remember that this type of attack can happen anywhere. ReliaQuest warns that social media platforms like LinkedIn, Facebook, and Twitter are often less monitored than email, making it difficult to quantify the full scale of these attacks.

So what can you do to protect yourself? ReliaQuest recommends implementing social media-specific security awareness training for employees in corporate environments. This will help them identify phishing attempts and avoid downloading suspicious files.

As we've all been warned time and again, it's crucial to stay vigilant when it comes to messages on LinkedIn (and other social media platforms). With the increasing sophistication of hacking methods, it's essential to be cautious before clicking on any links or downloading attachments. Stay safe out there!

**What You Can Do to Protect Yourself:**

* Be cautious when receiving direct messages with links or attachments * Verify the authenticity of emails and messages from unknown sources * Use strong antivirus software and keep your operating system up-to-date * Implement social media-specific security awareness training for employees in corporate environments

By being aware of these tactics, you can stay one step ahead of hackers and protect yourself from these types of attacks.