DANGER PHONE

Warning for millions of iPhone and Android owners – popular app has huge danger

NORTH Korean hackers are posing as LinkedIn recruiters to distribute hacked versions of software to unsuspecting victims.

According to security researchers at Microsoft, a number of major U.S. organisations have been targeted using the sneaky technique.

Advertisement
North Korean hackers are posing as recruiters on LinkedIn to send people malwareCredit: Alamy

Those groups include major players in the media, defence and aerospace, and IT services industries, Microsoft said on Thursday.

Microsoft pinned the blame on members of Lazarus, one of North Korea's most notorious state-sponsored hacking groups.

Its list of high-profile hacks includes an ingenious cyber heist on the Central Bank of Bangladesh in 2016 that stole $81million.

Lazarus is also believed to have been responsible for the spread of the WannaCry ransomware in 2017 that shut down parts of the NHS.

Advertisement

According to Microsoft, the group is now hunting down its next target using fake LinkedIn profiles.

An attacker poses as a recruiter on the business-oriented social network and sends employees of a major firm a direct message.

Posing as a LinkedIn recruiter, they build trust with the victim and encourage them to move over to WhatsApp.

Once they've established a chat there, they send over a fake version of popular open source software containing a virus.

Advertisement

Most read in Tech

INTER-NOT!
Do you have the WORST broadband in the UK? Map shows streets with slowest speeds
SOUR APPLE
Apple fans warned 15 popular gadgets have been discontinued including iPhones
KICK OFF
FIFA finally reveals its game to rival EA Sports FC but it’s not on console
TV Makeover
Everything you need to know about Viktor's leaked rework in League of Legends

Open source software is a computer programme that anyone can use or modify for free, and is popular in tech-savvy industries such as IT.

The attackers' software includes dodgy versions of PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software installer. 

Once downloaded, it releases North Korean malware that infects the victim's computer, Microsoft said.

The U.S. tech giant said the purpose of the attacks appears to be cyberespionage and attempts to steal money or data.

Advertisement

It could also be corporate network sabotage, Microsoft added.

It's a state-sponsored version of a common form of cyber attack called a phishing attack.

Phishing attacks lure victims to click on a website or download a file that appears to be from a trusted entity, such as a bank, social media platform or other service.

The website, however, is phoney with fake content designed to persuade a victim to enter sensitive information, like a password or email address.

Advertisement

It's important to only access websites or files sent to you by people you trust.

Best Phone and Gadget tips and hacks

Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered...

Get all the latest WhatsApp, Instagram, Facebook and other tech gadget stories here.


We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at tech@the-sun.co.uk

Topics
Advertisement
machibet777.com