Cybercriminals exploit any form of cheating or spying on their victims, can be a false security alert in an email or sending a resume through the job search platform LinkedIn.
A security bug in the LinkedIn Messenger messaging tool has been exploited to send malware under the pretext of being a cv, as security provider Check Point Software Technologies points out.
LinkedIn is a professional network with more than 500 million registered users, so many people may be at risk of cyberattack. Within this portal, the Messenger application is the most used because it allows users to share their curriculum simply, as well as academic publications or job offers.
Like a mail server like Hotmail or Gmail, users open the contents of the inbox with the idea that what they receive is secure. LinkedIn has a restriction system so that when uploading and sending a file, the tools analyze it for a virus. Among other things, you have limited file formats that can be attached to a message.
However, Check Point discovered after testing that there was a way to skip that protocol. The attackers could upload a file that seemed normal for the security system to consider safe. While the truth is that it was malware intended to infect the target user’s network.
The analysis showed four safety gaps in LinkedIn. The network was informed on June 14, and after being aware of the faults, the platform solved it after ten days after having verified and recognized it.