Subtle changes in how professionals communicate online are opening new doors for cybercriminals. Messaging on social media platforms, once seen as a minor threat compared with email, is now emerging as a key entry point for sophisticated cyber intrusions.
Cybersecurity researchers say attackers are increasingly exploiting platforms such as LinkedIn to bypass traditional corporate defenses. For years, organizations have centered their security strategies on email, investing heavily in phishing filters, monitoring tools, and employee training. However, recent findings suggest this approach no longer reflects how modern attacks begin.
According to a cybersecurity firm, social media platforms widely used for business networking have become a major blind spot in organizational security. Unlike corporate email systems, private messages on platforms like LinkedIn are not fully integrated with logging, monitoring, or automated threat detection. This limited visibility makes them an attractive channel for phishing and malware delivery.
Researchers note that the risk is also behavioral. Messages on professional networking platforms arrive in a trusted context, where personal and work communication often overlap. Attackers exploit this trust to lower suspicion and increase engagement.
LinkedIn has repeatedly been used for targeted cyber deception. In earlier campaigns, North Korea–linked threat groups behind operations such as CryptoCore and Contagious Interview approached victims with fake job offers. Targets were convinced to run seemingly legitimate tasks or code reviews, which instead triggered malware infections.
More recently, investigators uncovered a fresh phishing campaign using LinkedIn’s direct messaging system. The activity appears widespread across industries and regions. Because these attacks unfold in private messages rather than email inboxes, researchers warn that the true scale remains difficult to measure.
In March 2025, another cybersecurity firm reported a LinkedIn-themed phishing effort that used fake InMail alerts. Victims were urged to click “Read More” or “Reply To” links, which led to the download of remote desktop software from ConnectWise. Once installed, attackers gained full control of the affected systems.
The latest campaign blends familiarity with stealth. High-value individuals are contacted and persuaded to download a malicious WinRAR self-extracting file. When opened, it installs a legitimate PDF reader along with hidden malicious components. The attack uses DLL sideloading, where trusted software loads harmful code without triggering alerts.
After infection, the malware establishes persistence through Windows registry changes and executes encoded payloads in memory. Researchers say at least 3 recent campaigns have used similar techniques to spread malware such as LOTUSLITE and PDFSIDER.
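For defenders, the chain described above (a program loading an unsigned DLL from its own user-writable folder, followed by a registry autorun write) can be hunted in endpoint telemetry. The sketch below is an added example, not code from the researchers or the article; it assumes Sysmon-style events (ID 7 image load, ID 13 registry value set), that the autorun write comes from the same process, and uses constructed sample events and paths.

```python
import ntpath

# Path fragments treated as user-writable (assumption; tune per environment).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run"

# Constructed sample events using Sysmon field names; all paths are made up.
READER = r"C:\Users\alice\AppData\Local\Temp\sfx_demo\reader.exe"
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": READER, "Signed": "false",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\sfx_demo\helper.dll"},
    {"EventID": 7, "Image": READER, "Signed": "true",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 13, "Image": READER,
     "TargetObject": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\Reader"},
    {"EventID": 7, "Image": r"C:\Program Files\Editor\editor.exe", "Signed": "false",
     "ImageLoaded": r"C:\Program Files\Editor\plugin.dll"},
]

def sideload_candidates(events):
    """Map each process image to the unsigned DLLs it loaded from its own
    user-writable directory, plus any autorun registry values it then set."""
    findings = {}
    for ev in events:
        if ev["EventID"] != 7:  # only image (DLL) loads in this pass
            continue
        image, dll = ev["Image"].lower(), ev["ImageLoaded"].lower()
        same_dir = ntpath.dirname(image) == ntpath.dirname(dll)
        writable = any(fragment in image for fragment in USER_WRITABLE)
        if same_dir and writable and ev["Signed"] == "false" and dll.endswith(".dll"):
            entry = findings.setdefault(image, {"dlls": [], "persistence": []})
            entry["dlls"].append(dll)
    for ev in events:
        if ev["EventID"] != 13:  # second pass: registry value writes
            continue
        image = ev["Image"].lower()
        if image in findings and RUN_KEY in ev["TargetObject"].lower():
            findings[image]["persistence"].append(ev["TargetObject"])
    return findings

if __name__ == "__main__":
    for image, finding in sideload_candidates(SAMPLE_EVENTS).items():
        print(image, finding)
```

A hit with a non-empty `persistence` list is the stronger signal; a same-directory unsigned DLL load alone also occurs with legitimately bundled software and needs triage.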
Experts warn that abusing trusted tools and social platforms allows attackers to scale operations while avoiding detection. Organizations are being urged to treat social media messaging as a critical attack surface, not a secondary risk.



