- Nigeria’s National Information Technology Development Agency (NITDA) has warned that cyber attackers are using LinkedIn to spread a new malware variant called ‘CovertCatch.’
- Individuals and organisations in sectors such as defence, media, tech, and academia are being targeted, with attackers distributing malware through fake job offers.
- These cybercriminals impersonate recruiters or job providers, tricking users into downloading malicious files or clicking harmful links.
Victims may be unaware they are at risk, as the malware often goes undetected. Once installed, it can steal confidential information, potentially leading to financial loss, data breaches, and reputational damage.
“CovertCatch can steal data, record keystrokes, and capture screen activity without being detected,” per NITDA.
Additionally, the malware increases the risk of further attacks, such as ransomware and system-wide compromise, posing a serious threat to industries and services.
In its alert, NITDA advised organisations and individuals to beware of unsolicited job offers or recruitment messages on LinkedIn, especially those requesting file downloads or linking to external sites.
Users should regularly monitor accounts for unusual login activity and enhance security by enabling multi-factor authentication, NITDA mentioned. Updating antivirus software and running frequent scans are also recommended to detect threats promptly.
NITDA also urged organisations to audit their LinkedIn connections periodically and restrict access to sensitive information according to roles and necessity.
This LinkedIn job scam warning is one of several recent cyber threat alerts issued by the agency. It had previously warned WordPress users in Nigeria about a vulnerability CVE-2024-28000, which affected over five million websites worldwide. Attackers could use the LiteSpeed Cache plugin, which is used to optimise websites, to gain complete control.
In September 2024, the agency warned about a Google Chrome zero-day exploit, CVE-2024-7971, which attackers used to target Internet users.
In its cybersecurity efforts, NITDA announced it will collaborate with the Chartered Institute of Forensics and Certified Fraud Investigator of Nigeria (CIFCFIN) to launch a cybersecurity lab in 2024. This partnership aims to promote digital forensics, strengthen the tech ecosystem, and combat cybercrime.
Written by Omoruyi Edoigiawerie, a seasoned startup attorney with over a decade of experience. Learn more.
In other news, the South African Artificial Intelligence Association (SAAIA) filed a complaint with South Africa’s Information Regulator against LinkedIn, alleging unauthorised data usage. SAAIA claims LinkedIn’s practices could breach local data protection laws, including the Protection of Personal Information Act (POPIA).