The National Information Technology Development Agency (NITDA) has alerted the public to a new malware, CovertCatch, which cybercriminals are using on LinkedIn to target various sectors, including defence, media, technology, and academia.
These cyber actors masquerade as recruiters, luring job seekers with fake employment offers that lead to malware infections.
NITDA Director of Media and Corporate Communications, Mrs Hadiza Umar, disclosed that these cyber attackers manipulate LinkedIn users into downloading harmful files or clicking on suspicious links, allowing CovertCatch to infiltrate their devices.
Once embedded, the malware can steal sensitive data, log keystrokes, and record screen activity—all without detection, posing severe security risks.
The ramifications of a CovertCatch attack are extensive. Victims could suffer financial losses, reputational damage, and large-scale data breaches.
NITDA warns that the malware goes beyond compromising individual devices and can infiltrate organisational networks, potentially resulting in wider attacks such as ransomware or even entire system takeovers.
Key sectors reliant on data security, such as critical infrastructure services, are particularly vulnerable to these cyber incursions.
To guard against this emerging threat, NITDA has laid out essential security guidelines. Both organisations and individuals are urged to scrutinise unsolicited LinkedIn job offers, particularly those involving file downloads or external links.
In addition, implementing Multi-Factor Authentication (MFA) and regularly monitoring account activity for unusual behaviour are strongly recommended.
The advisory also stresses the importance of up-to-date antivirus software, which should be used routinely to scan and identify anomalies promptly. Further, NITDA suggests that organisations periodically audit LinkedIn connections and enforce access controls based on roles to limit exposure to sensitive data.