Warning: A LinkedIn Phishing Campaign is Targeting Executives

KnowBe4 Team | Feb 3, 2026

A phishing campaign is abusing LinkedIn private messages to target executives and IT workers, according to researchers at ReliaQuest. The messages attempt to trick victims into opening an archive file, which will install a legitimate pentesting tool.

“A critical element of this attack was the use of a legitimate, open-source Python script designed for pen-testing,” ReliaQuest says. “Relying on publicly available tools means less effort for attackers and allows them to reduce costs and detection risks—all while lowering the technical barrier to entry.”

The researchers stress that the abuse of legitimate tools makes the campaign more likely to bypass security defenses.

“In this campaign, attackers used WinRAR and Python, but similar tactics could extend to other widely used tools, such as PowerShell,” the researchers write. “These tools are integral to daily operations, making it impractical for organizations to block them entirely. This highlights the ongoing challenge of distinguishing between legitimate activity and malicious behavior, leaving organizations vulnerable to similar attacks.

“What’s more, as organizations increasingly rely on social media platforms for business and marketing purposes, these channels create new attack surfaces. Employees managing corporate social media accounts or engaging on these platforms are exposed to phishing attempts in environments with minimal security controls.”

Employees need to maintain a healthy sense of suspicion across all online platforms in order to avoid falling for social engineering attacks.

“This campaign serves as a reminder that phishing isn’t confined to email inboxes,” the researchers write. “Phishing attacks take place over alternative channels like social media, search engines, and messaging apps—platforms that many organizations still overlook in their security strategies. Social media platforms, especially those frequently accessed on corporate devices, provide attackers with direct access to high-value targets like executives and IT administrators, making them invaluable to cybercriminals.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

ReliaQuest has the story.

