Did you read the job post above? It’s an active LinkedIn job advertisement from a company called SmartMotionApp. At the time of writing this post, it has been running for 3 weeks.
At first glance, it looks like the perfect opportunity for content marketers. Except it’s not.
It’s part of a meticulously planned and possibly AI-assisted phishing campaign. In case you’re new to the cybersecurity world, phishing is a technique used by hackers to trick victims into sharing sensitive data or downloading malicious software.
The hiring company claims to be the maker of a popular motion design app called Alight Motion. However, upon researching, I gathered that Alight Motion was developed by Bending Spoons – the company behind Evernote, Meetup, Splice, among others.
My interest was piqued. So I decided to investigate.
The campaign has been distributed across 114 countries. I know this because there are 114 job postings on the company’s profile. Same role, different countries. That was my first red flag.
Next, I went to the company’s official website as highlighted on LinkedIn. Instead of the official Alight Motion app, the site is pushing a cracked version. Second red flag🚩🚩. How much do you wanna bet, the app is malware?
I didn’t download it because I don’t have a home lab to test it. If you’re reading this and you have one, it would be awesome to get your insights.
The rising threat of fake LinkedIn jobs
This is not the first case of malicious actors leveraging LinkedIn to execute their attacks. I have read and reported on similar incidents multiple times. There was even a reversed one in which the threat actors posed as employees so they could get hired and infiltrate companies from the inside.
However, this is the first time I’m personally encountering one. It may not be the most clever, but it has the psychological triggers to make it successful.
What’s one of the biggest pain point for content marketer’s? Engagement, right? Creative designs and video animation are two excellent ways to boost content engagement. Moreover, Alight Motion is one of the top recommended tools to use, but it’s a paid option.
If suddenly one was to encounter a version of the tool promising all the premium features at no cost, it’s easy to forget how you landed on the page in the first place.
Not to mention, the scammers have done a great job of selling the tool. That’s why I suspect AI was involved. Here’s an excerpt from the website:
“Want to create pro-level videos and animations for TikTok and Instagram without breaking the bank on an Alight Motion Premium subscription? Frustrated with the free version’s annoying watermarks and limited features holding back your creativity? Say hello to Alight Motion Mod APK — the secret weapon that unlocks all the premium tools you need, completely free.”
These cybercriminals must be content marketers themselves😄. They understand a thing or two about creating persuasive copy.
Over 50,000 content marketers affected
As it happens, I’m trialing LinkedIn premium so I have access to advanced insights. There’s a feature that shows you the number of a job’s applicant. That’s the one I used to estimate the phishing campaign’s reach.
It seems my country Kenya has been the most affected. Over 1,000 people clicked on the apply button.
Some other countries include India (900), Egypt (800), Turkey (700), India (700), South Africa (500), Romania (400) and Denmark (100).
Overall, almost every country in Africa, Europe, Middle East, and Asia has been targeted, with each job averaging 500 applications . Assuming even a 1% success rate, that’s at least 500 people who downloaded the malicious app.
The US, UK, Israel, and Russia are some of the big countries I didn’t see on the job lists.
Awareness starts with you and me
There goes the story of how I identified and flagged an advanced phishing scheme. My first original finding as a cybersecurity writer.
Does that mean I’m now a cybersecurity researcher?🤔
This exposee will probably not reach the top publications. It’s insignificant compared to other sophisticated campaigns being carried out daily. Still, we can do something about it.
I’ve done my part. I’ve written the story. Help me spread it by sharing with your network. More importantly, do you know any content marketer? Bring this to their attention ASAP. They need the information the most.
Oh, a while back I did a post on how people get hacked and how to protect yourself. Check it out to learn more.
Leave feedback about this