- North Korea computer pirates are using LinkedIn for job scammers
- False job offers often promise well -paid remote work
- But the victims are finally infected with malware
A long -lasting campaign of the notorious North Korean piracy group Lazarus has seen aspiring jobs stapped in many different ways, including the discharge of malware disguised as interview software, false coding tests, infants infants, and some companies have even accidentally hired North Korean computer pirates as remote IT workers such as remote workers.
Now, a new facet of the ‘contagious interview’ campaign has emerged, and this time, the computer pirates are using LinkedIn to cheat the victims, Bitdefender’s investigation warns.
LinkedIn can be a fantastic tool for professionals to be on a network, and many companies use the application to recruit new employees, and now it turns out that they are the Lázaro group.
Malicious offers
False recruitment scams finally result in the victim is infected with malware, and computer pirates tend to attack employment applicants in high profile industries, such as defense, aerospace or engineering, which seek to exfilt classified or confidential information, or even corporate credentials.
False work researchers observed in these scams were often remote, flexible and well paid jobs, sometimes involving cryptocurrencies as payment. These are designed to be attractive offers, so be careful with anything that looks too good to be true.
The scammers will send a message to a victim through LinkedIn, then they will request a CV or a personal repository link of GitHub (which could be used to harvest personal information). From there, the ‘recruiter’ shares a document of ‘comments’, which infects the victim with malware.
There are some warning signs to take into account, such as vague work descriptions, poor communications and users without Popper documentation. Be sure to examine any job offer, applications and interview offers, and do not click any link from unknown sources.
In February 2025, Apple delivered a new patch in XProtect, its malware elimination tool on the device to block the variants of the ‘Ferretfamily’ of Macos, which had been found disguised as Chrome or Zoom installers aimed at applicants.
