North Korean hackers are targeting LinkedIn jobseekers with new malware - here's how to stay safe

Hacker silhouette working on a laptop with North Korean flag on the background
(Image credit: Getty Images)

  • North Korean hackers are using LinkedIn to scam jobseekers
  • The fake job offers often promise well-paid remote work
  • But the victims are eventually infected with malware

A long-running campaign by notorious North Korean hacking group Lazarus has seen job hopefuls scammed in many different ways, including downloading malware disguised as interview software, fake coding tests, infostealers, and some companies have even accidentally hired North Korean hackers as remote IT workers.

Now, a new facet of the ‘Contagious Interview’ campaign has arisen, and this time, hackers are using LinkedIn to scam victims, research from Bitdefender warns.

LinkedIn can be a fantastic tool for professionals to network, and many businesses use the app to recruit new employees, and now, it turns out, so are the Lazarus group.

Malicious offers

The fake recruitment scams ultimately result in the victim being infected with malware, and the hackers tend to target jobseekers in high profile industries, like defense, aerospace, or engineering - looking to exfiltrate classified or sensitive information, or even corporate credentials.

The fake jobs researchers observed in these scams were often remote work, flexible and well paid, sometimes involving cryptocurrencies as payment. These are designed to be enticing offers, so be wary of anything that looks a little too good to be true.

Scammers will message a victim via LinkedIn, then requesting a CV or personal GitHub repository link (which could be used to harvest personal information). From there, the ‘recruiter’ shares a ‘feedback’ document, which infects the victim with malware.

There are some warning signs to look out for, like vague job descriptions, poor communications, and users without popper documentations. Make sure to vet any job offers, applications, and interview offers thoroughly - and don’t click any links from unknown sources.

In February 2025, Apple delivered a new patch on Xprotect, its on-device malware removal tool to block variants of the macOS ‘FerretFamily’ - which had been found disguised as Chrome or Zoom installers targeting applicants.

You might also like

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
A digital representation of a lock
Looking for a new job? Watch out you don't fall for this new malware scam
A hand reaching out to touch a futuristic rendering of an AI processor.
North Korean fake job hackers are going the extra mile to make sure their scams seem legit
Hacker silhouette working on a laptop with North Korean flag on the background
FBI claims North Korean workers are hacking the US companies which hired them
linkedin
Watch out - that LinkedIn email could be a fake, laden with malware
North Korean flag with a hooded hacker
North Korean hackers are posing as software development recruiters to target freelancers
Red padlock open on electric circuits network dark red background
CrowdStrike warns of fake job offer scam that is actually just malware
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)