Researchers at WithSecure have discovered a spear phishing campaign targeting employees who have access to Facebook Business accounts. The attackers are targeting specific employees, and then sending malware through LinkedIn messages.

“Based on telemetry and investigation conducted by WithSecure, one approach employed by the threat actor is to scout for companies that operate on Facebook’s Business/Ads platform and directly target individuals within the company/business that might have high-level access to the Facebook Business,” the researchers write. “We have observed individuals with managerial, digital marketing, digital media, and human resources roles in companies to have been targeted. WithSecure Countercept Detection and Response team has identified instances where the malware was delivered to victims through LinkedIn. These tactics would increase the adversary’s chances of compromising the respective Facebook Business all the while flying under the radar.”

Facebook’s parent company Meta told WithSecure that they’re doing their best to stop these scammers, but the ultimate responsibility is on the users to avoid downloading untrusted software.

Meta stated, “We welcome security research into the threats targeting our industry. This is a highly adversarial space and we know these malicious groups will keep trying to evade our detection. We are aware of these particular scammers, regularly enforce against them, and continue to update our systems to detect these attempts. Because this malware is typically downloaded off-platform, we encourage people to be cautious about what software they install on their devices.”