North Korean hackers target job seekers with fake interviews
Fake windows video conferencing apps tricked victims into downloading malware
Research has found that North Korean cyber criminals tricked unsuspecting ‘candidates’ into downloading fake Windows video conferencing applications which impersonated FreeConference.com. The campaign was labeled ‘Contagious Interview’ after being discovered by analysts.
Discovered by cyber security company ‘Group-IB’, the campaign was reportedly carried out by known threat actor ‘Lazarus’, who has been observed to have run similar operations in the past.
The attacks started through a job search platform, such as LinkedIn or Upwork. The attackers reached out to the intended target to discuss a job opportunity, and invited them to continue the discussion via Telegram. From there, the victim would be asked to download a video conferencing app FreeConference or Node.js for a trial technical task.
Elaborate schemes
Of course, these installers were fake, and the victim unknowingly downloaded malware named BeaverTail, which delivered a backdoor known as InvisibleFerreft, equipped with keylogging, remote control, and browser stealing capabilities. The FBI recently released a statement warning of efforts from North Korean hackers,
“North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea's determination to compromise networks connected to cryptocurrency assets.”
The Lazarus group is infamous and has reportedly been active since 2010. In that time, it has attacked a range of targets, including governments, healthcare, finance, and defense infrastructure.
As always, we recommend only downloading apps from official sources, and verifying the identity of anyone you're speaking to online. We’ve listed our picks for the best malware removal software to help keep your information safe.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Via The Hacker News
More from TechRadar Pro
- Take a look at our pick of the best encryption software out there today
- Sinbad crypto mixer used by North Korean Lazarus Group seized by US government
- Here are our best firewall tools to keep your business protected
Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.