LinkedIn Vulnerability ‘Left Millions Exposed’ to Malware

Flaws in LinkedIn’s security restrictions may have allowed cyber-criminals to insert malware-laden attachments into the social network’s messenger service.

According to security researchers at Check Point, when a valid file is uploaded and sent on LinkedIn, the site’s security protections scan the attachment for malicious activity. The researchers discovered, however, that attackers can bypass those security measures if they send the malicious file through the site’s messaging service.

So far, the researchers have found four ways to exploit these vulnerabilities in LinkedIn’s system. In the first, the attacker creates a malicious PowerShell script saved as a .pdf file, which is uploaded to the site’s CDN server. Once downloaded, the malicious file remains undetected.

The second flaw lets an attacker create a Windows registry file that contains the malicious PowerShell script and disguise it as a .pdf file. When the victim opens the file received through LinkedIn, the crafted REG file containing the malicious payload runs, giving the attacker control over the user’s machine. From then on, the script runs each time the user logs in to the computer.

The third flaw makes it possible for an attacker to create a malicious XLSM file with an embedded macro, disguised as an XLSX file. The macro is scrambled VB script shellcode. The disguised file passes the anti-virus check, is uploaded to LinkedIn’s CDN and is sent to the targeted user. Once they open the malicious XLSM file, Excel runs the VB script and the victim is infected.

The fourth and last flaw involves a malicious DOCX file with an external object in it. The object is linked to an HTA file on the server, and the DOCX file is uploaded to LinkedIn’s CDN, passes the anti-virus check without being detected and is sent to the targeted person. When the victim opens the malicious DOCX file, WINWORD automatically downloads the HTA file through the object link and runs it. Once the HTA file is executed, the victim is infected.

Check Point’s researchers identified the four flaws and reported the discovery to LinkedIn on 14 June 2017. LinkedIn checked and confirmed the existence of the security issues and deployed a fix effective 24 June 2017.
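
All four cases rely on a file whose content contradicts its extension. The sketch below is an added example, not code from Check Point or LinkedIn: a content-versus-extension check an upload gateway could run before accepting an attachment. The function name `check_attachment`, the helper `_zip` and every sample are constructed for illustration.

```python
import io
import re
import zipfile

def check_attachment(filename: str, data: bytes) -> list[str]:
    """Return reasons the content contradicts the declared extension."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    findings = []
    if ext == "pdf":
        if not data.startswith(b"%PDF-"):  # strict: header expected at offset 0
            findings.append("pdf: missing %PDF- header")
        # Drop a UTF-8/UTF-16LE BOM and UTF-16 NUL bytes before comparing.
        head = data[:64].lstrip(b"\xef\xbb\xbf\xff\xfe").replace(b"\x00", b"")
        if head.startswith((b"Windows Registry Editor", b"REGEDIT4")):
            findings.append("pdf: content is a registry (.reg) file")
    elif ext in ("xlsx", "docx"):
        try:
            zf = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            return [f"{ext}: not an OOXML (zip) container"]
        names = zf.namelist()
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            findings.append(f"{ext}: contains a VBA project")
        if "[Content_Types].xml" in names and b"macroEnabled" in zf.read("[Content_Types].xml"):
            findings.append(f"{ext}: declares a macro-enabled content type")
        for n in (n for n in names if n.endswith(".rels")):
            for rel in re.findall(rb"<Relationship\b[^>]*>", zf.read(n)):
                if b'TargetMode="External"' in rel and b'/oleObject"' in rel:
                    findings.append(f"{ext}: external OLE object link in {n}")
    return findings

def _zip(parts: dict[str, bytes]) -> bytes:  # builds the constructed samples
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

OLE_REL = (b'<Relationship Id="rId1" TargetMode="External" Target="https://files.example/x" '
           b'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"/>')
SAMPLES = {  # constructed, inert inputs: only the structure matters
    "invoice.pdf": b"Windows Registry Editor Version 5.00\r\n",
    "notes.pdf": b"Write-Output 'hello'\n",
    "report.xlsx": _zip({"[Content_Types].xml": b"<Types/>", "xl/vbaProject.bin": b"\x00"}),
    "cv.docx": _zip({"word/_rels/document.xml.rels": OLE_REL}),
}
if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, check_attachment(name, data))
```

An empty list means the content is consistent with the extension as far as these checks go; it is a structural gate that complements anti-virus scanning rather than replacing it.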
