The popular professional networking and job search site LinkedIn is currently being used by some threat actors as the lure for a social engineering scheme designed to steal a user’s credentials and spread malicious binaries. The bad actors also used a legitimate site hosting company, Yola, to host the malicious content in an attempt to appear more legitimate. The .NET-based binaries hosted on this site are related to the Agent Tesla malware and to another malware family not previously seen in the wild. Its major functionality is information stealing and exfiltrating data through SMTP. Agent Tesla has been a frequent occurrence in cyber attack campaigns throughout the second quarter of 2020, and it is active again.