North Korean hackers, part of the infamous Lazarus group, are targeting jobseekers on LinkedIn with a new wave of scams. Their goal? To infect victims with malware disguised as job offers. Here’s what you need to know and how to stay safe.
Malicious Job Offers on LinkedIn
Research from Bitdefender reveals a new scam within the ongoing Lazarus campaign, dubbed the Contagious Interview operation. The group is using LinkedIn as a platform to lure jobseekers with fake offers. These offers often promise well-paid, flexible remote work. But behind the enticing offers lies a malicious intent—infecting victims with malware.
What You Need to Know
- Targeted Industries: Hackers focus on high-profile sectors like defense, aerospace, and engineering to steal sensitive information.
- Fake Jobs: These positions typically involve remote work, cryptocurrency payments, or flexible hours to appear attractive.
- Infected Files: Victims are tricked into downloading malware disguised as interview feedback or coding tests.
How the Scam Works
- Initial Contact: A scammer messages you on LinkedIn, claiming to be a recruiter.
- Request for Personal Info: The scammer asks for your CV or GitHub profile, potentially harvesting sensitive data.
- Malicious Documents: They send a “feedback” document that contains malware, infecting your device.
Warning Signs of a Scam
- Vague job descriptions
- Poor communication or grammar in messages
- Unverified recruiters or profiles without credentials
Stay Safe: Protect Yourself from LinkedIn Scams
To avoid falling victim to these attacks, follow these safety tips:
- Vet Offers Carefully: Be skeptical of any job that sounds “too good to be true.”
- Avoid Clicking Links: Do not click links in unsolicited messages or emails.
- Verify Recruiters: Check for a LinkedIn profile with a verifiable history.
- Use Multi-Factor Authentication: Enable extra security layers on your LinkedIn account.
Apple’s Latest Update Blocks Malware Variants
In February 2025, Apple rolled out a new patch via its Xprotect tool to block variants of the macOS FerretFamily malware. This malware has been disguised as legitimate software, including Chrome and Zoom installers, to target applicants.
Conclusion
North Korean hackers are increasingly using platforms like LinkedIn to target jobseekers, especially those in high-profile industries. By recognizing warning signs and following security best practices, you can avoid falling victim to these sophisticated scams. Stay cautious and always verify job offers carefully.
