Cybercriminals Abuse LinkedIn Messages to Spread RAT Malware

Cybersecurity experts have uncovered a sophisticated phishing campaign that uses LinkedIn’s private messaging feature to deliver harmful software to unsuspecting targets. Instead of relying on traditional email phishing, attackers first reach out to users through LinkedIn messages, building a sense of trust before introducing malicious files.

The campaign specifically targets high-value individuals and professionals by sending seemingly legitimate messages that encourage recipients to download a file. Once the victim runs the downloaded archive, it unpacks several components, including a seemingly real application and a disguised malware library. This library is then loaded by the legitimate application, allowing the malicious code to run without triggering typical security alerts.

A key tactic used in the attack is known as DLL sideloading, where a rogue library is executed under the guise of a trusted program. This makes it harder for antivirus software to detect the threat because the initial process appears legitimate. The malware also includes a popular scripting tool, which is used to help the attackers maintain control over the compromised system and evade detection.
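One way a defender can surface the sideloading pattern described above is to check image-load telemetry (Sysmon Event ID 7 or similar) for a signed executable loading an unsigned DLL from its own, user-writable directory. The following is an added example written for this article, not code from the researchers or the campaign; the event fields, the DLL name list and the sample records are all constructed for illustration.

```python
# Heuristic over Sysmon-style image-load records that flags likely DLL sideloading:
# a signed, legitimate-looking process loading an unsigned DLL that sits beside it,
# outside the Windows system directories. All inputs below are constructed samples.
import ntpath

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\")
# Illustrative subset of DLL names that normally resolve from System32.
KNOWN_SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "cryptbase.dll", "wtsapi32.dll"}

def is_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)

def sideload_reasons(event: dict) -> list[str]:
    """Return the reasons one image-load event looks like sideloading (empty if none)."""
    proc = event["image"].lower()
    dll = event["image_loaded"].lower()
    reasons = []
    same_dir = ntpath.dirname(proc) == ntpath.dirname(dll)
    if same_dir and not dll.startswith(SYSTEM_DIRS):
        if event.get("process_signed") and not event.get("dll_signed"):
            reasons.append("signed process loaded unsigned DLL from its own directory")
        if is_user_writable(dll):
            reasons.append("DLL loaded from user-writable location")
    if ntpath.basename(dll) in KNOWN_SYSTEM_DLLS and not dll.startswith(SYSTEM_DIRS):
        reasons.append("system DLL name resolved outside the system directory")
    return reasons

def scan(events: list[dict]) -> dict[str, list[str]]:
    """Map event id -> reasons for every event that triggers at least one rule."""
    flagged = {}
    for ev in events:
        reasons = sideload_reasons(ev)
        if reasons:
            flagged[ev["id"]] = reasons
    return flagged

SAMPLE_EVENTS = [  # constructed records, not real telemetry
    {"id": "e1", "image": r"C:\Windows\System32\notepad.exe",
     "image_loaded": r"C:\Windows\System32\version.dll",
     "process_signed": True, "dll_signed": True},
    {"id": "e2", "image": r"C:\Users\victim\Downloads\archive\Viewer.exe",
     "image_loaded": r"C:\Users\victim\Downloads\archive\version.dll",
     "process_signed": True, "dll_signed": False},
    {"id": "e3", "image": r"C:\Program Files\App\app.exe",
     "image_loaded": r"C:\Program Files\App\helper.dll",
     "process_signed": True, "dll_signed": True},
]

if __name__ == "__main__":
    for event_id, why in scan(SAMPLE_EVENTS).items():
        print(event_id, "->", "; ".join(why))
```

Only the record that mirrors the article's scenario (a legitimate-looking program in the Downloads folder loading an unsigned DLL next to it) is flagged; the system and Program Files loads pass cleanly.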

Once installed, the malware attempts to establish persistent access to the victim’s machine. It can create ways to auto-start with each login and communicate with external servers, giving attackers remote access and the ability to steal sensitive data. The campaign underscores how social media platforms — once considered relatively safe for professional communication — are increasingly being exploited as a vector for cyberattacks.

This shift in tactics highlights the growing importance of vigilance on social platforms. Users are encouraged to be cautious about unexpected messages and downloads, especially those involving attachments or software files. The incident also serves as a reminder that attackers constantly adapt, finding new ways to bypass traditional security defenses and exploit trust in everyday digital tools.