North Korean hackers are using LinkedIn to scam jobseekersThe fake job offers often promise well-paid remote workBut the victims are eventually infected with malwareA long-running campaign by notorious North Korean hacking group Lazarus has seen job hopefuls scammed in many different ways, including downloading malware disguised as interview software, fake coding tests, infostealers, and some companies have even accidentally hired North Korean hackers as remote IT workers.
Now, a new facet of the ‘Contagious Interview’ campaign has arisen, and this time, hackers are using LinkedIn to scam victims, research from Bitdefender warns.
LinkedIn can be a fantastic tool for professionals to network, and many businesses use the app to recruit new employees, and now, it turns out, so are the Lazarus group.
Malicious offersThe fake recruitment scams ultimately result in the victim being infected with malware, and the hackers tend to target jobseekers in high profile industries, like defense, aerospace, or engineering – looking to exfiltrate classified or sensitive information, or even corporate credentials.
The fake jobs researchers observed in these scams were often remote work, flexible and well paid, sometimes involving cryptocurrencies as payment. These are designed to be enticing offers, so be wary of anything that looks a little too good to be true.
Scammers will message a victim via LinkedIn, then requesting a CV or personal GitHub repository link (which could be used to harvest personal information). From there, the ‘recruiter’ shares a ‘feedback’ document, which infects the victim with malware.
There are some warning signs to look out for, like vague job descriptions, poor communications, and users without popper documentations. Make sure to vet any job offers, applications, and interview offers thoroughly – and don’t click any links from unknown sources.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
In February 2025, Apple delivered a new patch on Xprotect, its on-device malware removal tool to block variants of the macOS ‘FerretFamily’ – which had been found disguised as Chrome or Zoom installers targeting applicants.
You might also likeTake a look at our pick of the best antivirus softwareCheck out our recommendations for the best small business router picks around“Everyone will experience a hack” – how incident response can protect your organization
