If you’re hiring, or looking to get hired for a new job – be very careful who you talk to. Cybersecurity researchers from Palo Alto’s Unit 42 have discovered two separate malware campaigns – one targeting employers, and the other job hunters – run by North Korean state-sponsored threat actors. 

Dubbed “Contagious Interview”, the campaign sees hackers impersonate employers, creating fake profiles on various social media networks and try to get software developers interested in a new job opportunity. 

During the interview process (which often includes multiple steps, possibly even video interviews), the hackers would get the victims to download and run files which end up infecting their endpoints with malware.


New malware

This campaign most likely started in December last year, and given that parts of the infrastructure are still active, the campaign is still very much a threat. 

Its goal, according to the report, is to steal cryptocurrencies from the victims, and later use their endpoints as a stepping stone for additional attacks.

The campaign in which hackers seek employment is dubbed “Wagemole”. The threat actors are mostly going for US-based firms, Unit 42 says, but they won’t pass up on an opportunity anywhere else in the world. During the process, the attackers create multiple resumes with different technical skill sets, as well as multiple identities impersonating individuals from different parts of the world. It also includes common job interview questions and answers, scripts 

for interviews and downloaded job postings from US companies. 

For the attack to be successful, the victims need to download and run two types of previously unseen malware – one called BeaverTail, and the other one called InvisibleFerret. While BeaverTail is a JavaScript-based piece of malware hidden inside an npm package, InvisibleFerret is a “simple but powerful” Python-based backdoor. Both samples can be run on Windows, macOS, and Linux devices.

More from TechRadar Pro

Services MarketplaceListings, Bookings & Reviews

Entertainment blogs & Forums

Scale ai prompt engineer : navigating the role. The customer approves that previsto can involve sub processors to process personal data on the customer's behalf.