- North Korean hackers use LinkedIn to scam victims
- Fake job offers often promise well-paid remote work
- But the victims are ultimately infected with malware
A long-running campaign by the North Korean Lazarus group has seen job hopefuls targeted in different ways, including downloads of malware disguised as interview software, fake coding tests and infostealers, and some companies have even accidentally hired North Korean hackers as remote IT workers.
Now, a new facet of the “Contagious Interview” campaign has appeared, and this time the hackers are using LinkedIn to scam victims, research from Bitdefender warns.
LinkedIn can be a fantastic tool for professionals to network, and many companies use the application to recruit new employees. Now it turns out that the Lazarus group does too.
Malicious offers
Fake recruitment scams ultimately lead to the victim being infected with malware, and the hackers tend to target job seekers in high-level industries, such as defense, aerospace or engineering, seeking to exfiltrate classified or sensitive information, or even corporate credentials.
The fake jobs that researchers observed in these scams were often remote, flexible and well paid, sometimes involving cryptocurrencies as payment. These are designed to be attractive offers, so be wary of anything that seems a little too good to be true.
The scammers send a message to a victim via LinkedIn, then ask for a CV or a personal GitHub repository link (which could be used to collect personal information). From there, the “recruiter” shares a “feedback” document, which infects the victim with malware.
There are warning signs to watch for, such as vague job descriptions, poor communication and users without proper documentation. Make sure you verify job offers, applications and offers between interviews, and do not click on links from unknown sources.
In February 2025, Apple pushed a new patch to XProtect, its malware removal tool, to block variants of the “Ferret family” of macOS malware, which had been found disguised as Chromium or Zoom installers targeting job candidates.