North Korean hackers are posing as job interviewers - don't be fooled


If you’re hiring, or looking to get hired for a new job - be very careful who you talk to. Cybersecurity researchers from Palo Alto’s Unit 42 have discovered two separate malware campaigns - one targeting employers, and the other job hunters - run by North Korean state-sponsored threat actors. 

Dubbed “Contagious Interview”, the campaign sees hackers impersonate employers, creating fake profiles on various social media networks and trying to get software developers interested in a new job opportunity.

During the interview process (which often includes multiple steps, possibly even video interviews), the hackers would get the victims to download and run files which end up infecting their endpoints with malware.



New malware

This campaign most likely started in December last year, and given that parts of the infrastructure are still active, the campaign is still very much a threat. 

Its goal, according to the report, is to steal cryptocurrencies from the victims, and later use their endpoints as a stepping stone for additional attacks.

The campaign in which hackers seek employment is dubbed “Wagemole”. The threat actors are mostly going for US-based firms, Unit 42 says, but they won’t pass up on an opportunity anywhere else in the world. During the process, the attackers create multiple resumes with different technical skill sets, as well as multiple identities impersonating individuals from different parts of the world. It also includes common job interview questions and answers, scripts for interviews and downloaded job postings from US companies.

For the attack to be successful, the victims need to download and run two types of previously unseen malware - one called BeaverTail, and the other one called InvisibleFerret. While BeaverTail is a JavaScript-based piece of malware hidden inside an npm package, InvisibleFerret is a “simple but powerful” Python-based backdoor. Both samples can be run on Windows, macOS, and Linux devices.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
