Looking for a new job can be a difficult enough process on its own, which is why landing an interview for a position you’re interested in can feel like a big win. However, you’re going to want to be extra careful during your next video interview as hackers are now using them to infect unsuspecting users with a dangerous Mac malware strain.
From using fake Facebook job ads to posing as job recruitment firms or HR representatives, hackers love to target people when they’re at their most vulnerable. If you just lost a job or got laid off and are trying to find a new position quickly, you’re a lot more likely to fall victim to the tricks used in three different campaigns linked above.
Now though, as reported by The Hacker News, North Korean hackers are using the interview process itself as a means to trick job seekers into installing malware on the best MacBooks and other Apple computers.
Here’s everything you need to know about this new campaign along with some tips and tricks on how you can protect yourself, your data and your devices when looking for your next job online.
From fake job interview to malware infection
The North Korean hackers behind this new campaign did something similar back in 2023 in a previous campaign called Contagious Interview, which used fake videoconferencing software to deliver malware to prospective targets. This time around though, they’re using multiple malware strains to better evade detection.
After approaching potential targets on LinkedIn by posing as recruiters, the hackers then try to convince them to complete a video assessment. Just like a similar campaign last year which used fake Google Meet errors, this one uses a link to a video call that displays an error message saying that another component or additional piece of software like VCam or CameraAccess needs to be installed to fix the issues a victim is currently experiencing.
Hackers love to step in with a solution to a problem they’ve created for you, and this is the perfect example of that. In this case, the fix involves copying and executing a malicious command in macOS through the Terminal app which will supposedly fix the camera and microphone issue in their web browser.
If a job seeker follows their directions, they end up having the JavaScript-based malware BeaverTail installed on their computer. In addition to stealing sensitive browser data and funds from crypto wallets, this malware can also deliver a Python backdoor called InvisibleFERRET. To make matters worse, this FERRET malware establishes persistence on an infected Mac by using a LaunchAgent. That way, even if you turn your computer off or try to delete the malware, it will come right back.
Developers also need to be on the lookout for the FERRET malware since it’s also currently being spread through fake issues on legitimate GitHub repositories. This is a clear sign that the North Korean hackers behind this malware now want to use it to infect even more people through multiple, simultaneous campaigns.
How to stay safe while job hunting
If you’re looking for a new job yourself, my best piece of advice is to be extremely cautious when dealing with ads, recruiters and even HR personnel during your search. You want to look up the people and the companies you’re interacting with to make sure that they really are who they say they are.
From there, you’re going to want to stick to established and trusted sites and services like Indeed, ZipRecruiter, Monster and GlassDoor. Likewise, if possible, you should try to use your existing connections to see if there are any new positions or opportunities available before heading to a job site to look for work. Likewise, as enticing as they can be, it’s probably best to avoid job ads since these days, any one of them could be a malicious ad designed to take you to a phishing site or one known for spreading malware.
If you’re emailing back and forth with a recruiter or an HR person, you want to avoid downloading any attachments or clicking on links when possible. With links, you can hover your mouse cursor over their anchor text to inspect the URL first, and with attachments, you can use the best antivirus software — or with this campaign, the best Mac antivirus software — to scan them for viruses before you open them.
Finally, the most important thing to remember during your job search is that if an offer seems too good to be true, it probably is. Hackers are going to keep targeting people when they’re at their most vulnerable which means we’ll likely continue to see attacks and scams targeting job seekers.
More from Tom's Guide
