Last November, the UK’s Security Service alerted members of Parliament about a foreign intelligence-gathering scheme: two LinkedIn profiles were contacting people working in British politics to request “insider information.” The MI5 revelations triggered a £170 million ($230 million) government initiative to address espionage threats against Parliament. While this is a high-profile case, ESET, a leading company in proactive threat detection, states that it is far from the first or only one. The site could also be a veritable treasure trove of corporate data that could be maliciously used to support fraud or threat campaigns.

Therefore, it is important to learn from this analysis and valuable professional opinion provided by ESET.

LinkedIn has amassed over one billion members worldwide since its founding in 2003. This represents a vast pool of potential targets for state-backed or financially motivated threat actors. Firstly, it is an extraordinary source of information where malicious actors can discover the roles and responsibilities of key individuals within a target company and reconstruct or reshape the relationships between individuals and projects they might be working on. Furthermore, it provides credibility and cover because, as a professional network, it is frequented by both high-level executives and lower-level employees, and it is a context in which a victim is more likely to open a direct message or InMail from someone on the platform than an unsolicited email.

On the other hand, it bypasses “traditional” security because there is no guarantee that phishing messages, malware, or spam won’t get through; and due to the site’s perceived credibility, target users may be more likely to click on malicious content. Finally, it’s easy to start operating; anyone can create a profile and begin lurking on the site to gather intelligence or send phishing messages and Business Enforcement (BEC) scams. Furthermore, attackers can hijack existing accounts or create fake identities before posing as candidates and recruiters for positions and jobs. The large number of compromised credentials circulating on cybercrime forums (due in part to infostealers) makes this relatively easy.

There are several ways threat actors can operationalize their malicious campaigns:

• Phishing and spearphishing: By using the information users share in their profiles, attackers can customize phishing campaigns (fake emails) to increase their success rate.
• Direct attacks: Contact can be made directly through malicious links designed to deploy malware, such as infostealers, or promote fake job offers intended to steal credentials.
• BEC: Similar to phishing, LinkedIn provides a wealth of intelligence that can be used to make Business Email Compromise attacks appear more convincing. It can help scammers identify who reports to whom, what projects they are working on, and the names of partners or suppliers.
• Deepfakes: LinkedIn can also host videos of targeted individuals, which can be used to create deepfakes and employ them in subsequent phishing, BEC, or social media scams.
• Account hijacking: Fake LinkedIn pages (phishing), infostealers, credential stuffing, and other techniques can help attackers take control of user accounts. These hijacked accounts can then be used in subsequent attacks targeting their contacts.
• Attacks on suppliers: LinkedIn can also be tracked for information about partners of a target company, who would also be targeted with phishing as part of a malicious “domino effect” strategy.

“The challenge posed by threats on LinkedIn is that IT departments find it difficult to obtain accurate information about the extent of the risk their employees face, and the tactics used to attack them. However, it makes sense to include LinkedIn threat scenarios like those described above in security awareness training courses. Employees should also be warned about the risk of oversharing information on the platform and given guidance on how to detect fake accounts and typical phishing lures,” says Mario Micucci, Cybersecurity Researcher at ESET Latin America.

ESET provides information on various threat groups that have used some of these tactics

• The Lazarus Group (North Korea) has posed as recruiters on LinkedIn to install malware on the computers of people working at an aerospace company, according to ESET Research. In fact, the research team also recently described the “Wagemole” campaigns, in which individuals aligned with North Korea attempt to obtain employment at foreign companies.
• ScatteredSpider contacted MGM’s help desk, impersonating an employee whose identity they obtained from LinkedIn, in order to gain access to the organization. The subsequent ransomware attack resulted in losses of $100 million.
• A spearphishing campaign called “Ducktail” targeted marketing and human resources professionals on LinkedIn, delivering malware and stealing information through links sent via direct message. The malware was hosted in the cloud.

Prevention

“To prevent account hijacking, a policy of regularly updating patches should be followed, security software should be installed on all devices (from a trusted vendor), and multifactor authentication should be enabled. Additionally, in corporate environments, it may be worthwhile to organize specific training sessions for executives, who are often the most frequent targets of attacks. Above all, ensure that the team is aware that, even on a network considered trustworthy like LinkedIn, not everyone acts in good faith or in their best interest,” recommends the ESET researcher.

ESET invites you to learn more about cybersecurity by visiting:  https://www.welivesecurity.com/es/.

For other useful preventative information, also available in Venezuela at: https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram (@esetla)  and Facebook (ESET).

Information and image provided by ESET

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram

La entrada Malicious actors hunt and manipulate on the important LinkedIn network; we must protect ourselves apareció primero en Bitfinance.

In Latin America, the mobile landscape has very clear characteristics. The region concentrates many malware detections for Android, focusing on Mexico and Brazil, according to the latest ESET Threat Report. Unlike more northerly regions or Europe, Android is the most prevalent operating system by a significant margin. In line with what ESET, a leading company in proactive threat detection, observes globally, the phone is the primary device for most people, and recent devices coexist with models that no longer receive updates. According to the research group, this mix of high dependency, fragmentation, and outdated versions creates an environment where many malicious codes find space to proliferate. This is an issue we should all be aware of, whether we are basic and occasional users or advanced and active ones.

“In addition, many of the most effective distribution channels remain fully operational in the region. SMS or messaging campaigns with direct links, modified APKs shared outside of official stores, and applications that manage to enter legitimate stores with very few reviews or signs of real activity continue to be key vectors. This ecosystem facilitates both the circulation of known malware families and the constant emergence of new or unsophisticated variants that still manage to gain traction,” comments Martina Lopez, Cybersecurity Researcher at ESET Latin America.

ESET analyzes the 3 most frequently detected malware families in the region during 2025

Trojan.Android/Exploit.CVE-2012-6636: An old vulnerability that remains present in the mobile ecosystem because many Android applications continue to use legacy components. The flaw affects apps that use WebView with an insecure configuration and that were compiled with versions prior to Android 4.2. Even if the device is modern, the application may retain this vulnerable behavior. In this context, a malicious webpage loaded within the WebView itself can interact with the app’s internal code in ways that should not be possible, opening the door to the execution of unauthorized actions.

In the current mobile threat landscape, this exploit is not usually the focus of complex campaigns, but it does appear embedded in APKs distributed outside of official app stores or present in applications that no longer receive updates. Publicly available exploits exist for CVE-2012-6636, including modules embedded in frameworks like Metasploit, making it easy for malicious actors to use. Furthermore, it was reported as one of the most prevalent Android exploits in 2023, according to the ESET Security Report 2024.

Trojan.Android/Exploit.Lotoor: This is a family of privilege escalation exploits used for over a decade to gain root access on Android devices. It encompasses a set of techniques that abuse operating system vulnerabilities in various early versions of Android, especially flaws discovered between 2010 and 2013. Under this umbrella are exploits that take advantage of errors in drivers, system services, or memory management, allowing code to be executed with privileges higher than those of the application.

Its modules continue to reappear within malicious tools that seek to activate advanced functions such as uninstalling security apps, modifying internal configurations, or installing additional payloads. This is not the first time the research team has observed Lotoor in the top spots.

Trojan.Android/Pandora: This is malicious code linked to a variant of Mirai adapted for the Android ecosystem. It was first observed in 2023 within popular streaming applications in the region, especially on Android TV boxes and sticks commonly used to access unofficial content. In these cases, attackers distribute APKs that function as legitimate streaming apps but include a malicious component capable of turning the device into part of a botnet. In some models, modified firmware was even detected that came infected from the factory, amplifying the reach of the attack.

Once installed, Pandora maintains communication with a command and control server, receives instructions, and executes the typical capabilities of a Mirai-based botnet, with the focus on launching distributed denial-of-service attacks.

“This 2025 outlook shows us that Android threats continue to rely on well-known vectors and the lack of device and application updates, which keeps exploits and vulnerabilities that have been circulating for years alive. Even so, this doesn’t mean the risk is limited to the usual suspects. Less widespread, but equally relevant, threats also persist, such as banking trojans or fraudulent lending apps, which operate in a much more targeted way and seek a direct impact on the user’s finances. And, in parallel, emerging threats and increasingly innovative techniques are appearing, such as malware capable of cloning cards via NFC, reflecting a constantly evolving mobile ecosystem with a growing level of sophistication,” concludes Lopez from ESET Latin America.

In this context, protecting information and devices from these threats becomes vital.

ESET shares the following tips to avoid becoming a victim

• Keep your device updated and don’t use older versions of Android if an update is available.
• Install applications only from official stores or verified sources.
• Avoid APKs from unknown sources, even if they promise “premium” features or free content.
• Check permissions, developer activity, and the actual number of reviews before installing an app.
• Use reliable security solutions that detect exploits, Trojans, and anomalous behavior.
• Avoid disabling system protections and prevent the installation of unknown apps.
• Be wary of messages, links, or ads that promise quick access, discounts, or special features.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For other useful preventative information, also available in Venezuela: https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram (@esetla) and Facebook (ESET).

Bitfinance.news

(With information and images provided by ESET and Comstat Rowland)

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada Cybersecurity: The malware that most attacked Android smartphones apareció primero en Bitfinance.