Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Phony LinkedIn reminders help users connect with malware


Phony LinkedIn invitations are not a new phenomenon. What tends to change is the underlying delivery method used for the malware distribution – In this case compromised websites that unknowingly host malicious scripts. The LinkedIn reminders that are included in the attack include several variables such as names, relationships, and the number of messages awaiting response. As usual the giveaway that something strange is occurring is the link (see after mouseover).

Recipients that click on the link reach a rather bland looking “notification” page that provides no further links or instructions.

In the background, several scripts seek out software with vulnerabilities that can be exploited including:

The fully functional host website is shown below.

Of course the malware is hugely problematic – but another issue emerges from all of these phony LinkedIn invitations – they cause malware-aware users to be suspicious about genuine invitations! Following the outbreak described above, I nearly deleted this actual invitation to connect..

You might also like

Protect Office 365 Email from Ransomware

Ransomware is continually evolving. It has become the “most prominent malware threat”, with experts estimating that ransomware attacks in 2021 resulted in total damage costs of $20 billion. While there is no ransomware that specifically targets Office 365 data, it can...