
Fake LinkedIn emails abuse Adobe to track victims

ID: 12bd114d-279e-5f00-8973-8178e51471a8

STIX ID: report--12bd114d-279e-5f00-8973-8178e51471a8

Feed Name: Malwarebytes Blog

Threat Score: 50/100

Date Published: 2026-05-27

Date Updated: 2026-05-27

Malwarebytes details a LinkedIn-themed phishing campaign where attackers send emails with a double-extension attachment (pdf.html) containing obfuscated JavaScript that displays a fake LinkedIn login. The campaign abuses Adobe Target (lnkd.tt.omtrdc.net) as a redirect/tracking point and exfiltrates credentials via a Russian-hosted PHP endpoint (http://a1263367.xsph.ru/taam/Ln.php), then redirects victims to the legitimate LinkedIn site to avoid detection; the report includes indicators and mitigation advice.