A newly discovered phishing campaign is using fake LinkedIn InMail notifications to distribute the ConnectWise Remote Access Trojan (RAT), according to cybersecurity intelligence firm Cofense. Unlike traditional LinkedIn phishing scams that aim to steal login credentials, this attack delivers malware directly to the victim’s device.
The fraudulent emails, which claim to be from a sales director requesting a quote, closely mimic LinkedIn’s branding. However, they use an outdated InMail template from before LinkedIn’s 2020 UI refresh—making them particularly convincing for long-time users. Clicking on the embedded “Read More” or “Reply To” buttons triggers the download of the ConnectWise RAT installer.
This attack was identified on a system protected by Microsoft Defender for Endpoint, underscoring the need for businesses to stay vigilant against evolving phishing tactics. Security teams are urged to educate employees on spotting phishing attempts and to ensure their endpoint protection solutions are equipped to detect and block such threats.