Malware researchers have uncovered a fake job recruiting operation that is targeting LinkedIn users.
This latest recruiting-themed lure has been devised by “actors affiliated with North Korea.” It is one of many from the rogue nation to be added to your list of LinkedIn scams to avoid.
Fake Recruiting
The scam kicks off as a job recruiting campaign. When LinkedIn users reply, they get sent a ZIP file “that contained COVERTCATCH malware disguised as a Python coding challenge,” explain researchers Robert Wallace, Blas Kojusner, and Joseph Dobson from Google-owned Mandiant.
This is their way in, as the malware then compromises the victim’s MacOS system by downloading a second-stage payload.
This just in! View
the top business tech deals for 2024 👨💻
This “establishes persistence” or allows the hackers to maintain access using Launch Agents – programs that run automatically when a Mac users logs in – and Launch Daemons – the files that interact with a Mac’s service management framework.
One of Many Scams to Watch Out For
TheHackerNews adds that this is one of many recruiting scams being deployed from North Korea at the moment. Others include Operation Dream Job and Contagious Interview.
The report notes that attacks based around recruiting have also been used to deliver malware families such as RustBucket and KANDYKORN. One malicious PDF was disguised as a job description for a “VP of Finance and Operations” at a well-known cryptocurrency exchange. When opened, it dropped RustBucket, which is a second-stage malware.
FBI Warns of Sophisticated Attacks
The Financial Times reported in February that North Korean cyber criminals are now turning to AI tools like ChatGPT to target everyone from Government bodies to private individuals.
Erin Plante, vice-president of investigations at blockchain data platform Chainalysis, told the newspaper: “The attacks are getting very sophisticated – we are not talking about a badly worded email that says ‘click on this link. These are detailed profiles on LinkedIn and other social media platforms, which they use to build relationships over weeks and months.”
On September 3, the FBI released a stark warning to people working in the crypto-industry that North Korean scammers were targeting them.
In an alert, the organization writes that: “The Democratic People’s Republic of Korea (“DPRK” aka North Korea) is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance, cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency.”
It warned that even the canniest of employees could be tripped up. “The actors may reference personal information, interests, affiliations, events, personal relationships, professional connections, or details a victim may believe are known to few others,” the FBI said.
Similar tactics have been used on LinkedIn but the scammers are also simply preying on people who are looking for a new job with what looks like something completely innocent.
Always lead with suspicion, use antivirus software and, if it seems too good to be true, it is.
