Select Page

Cyren Security Blog

Phony LinkedIn reminders help users connect with malware


Phony LinkedIn invitations are not a new phenomenon. What tends to change is the underlying delivery method used for the malware distribution – In this case compromised websites that unknowingly host malicious scripts. The LinkedIn reminders that are included in the attack include several variables such as names, relationships, and the number of messages awaiting response. As usual the giveaway that something strange is occurring is the link (see after mouseover).

Recipients that click on the link reach a rather bland looking “notification” page that provides no further links or instructions.

In the background, several scripts seek out software with vulnerabilities that can be exploited including:

The fully functional host website is shown below.

Of course the malware is hugely problematic – but another issue emerges from all of these phony LinkedIn invitations – they cause malware-aware users to be suspicious about genuine invitations! Following the outbreak described above, I nearly deleted this actual invitation to connect..

You might also like

Square Enix Phishing Campaign

From July 20 until August 16, 2021, Cyren observed a significant increase in the number of Square Enix phishing URLs. The campaign coincided with 14 days of free play announced by Square Enix on July 12, 2021. During this period, we detected a total of 47,076 URLs for...