Cybertech Europe 2026-IT Industry Official Media Partner
Subscribe

Stay up to date with the most important news

By pressing the Subscribe button, you confirm that you have read and agree to our privacy policy and terms of use
Contact us

Malware from fake recruiters

Malware from fake recruiters Malware from fake recruiters

Fake recruiters are hunting for resumes – and your credentials too. Reports have emerged of malware being used in job tasks that purport to test a candidate’s technical skills.

Recruiters are constantly struggling to find matches for their job openings, whether through classic online job postings or through DMs on platforms like LinkedIn.

We have recently discovered a report from several users on Reddit who says to they have been contacted by a recruiter and tasked with creating a work sample. This practice is not uncommon, although it has been alleged in the past that some companies use this tactic to exploit applicants and get production work done for free. But overall, companies want to see that you are capable of doing what your resume says. This case was interesting, though. Considering that you are reading this post on the blog of a companies that combat harmful code you can probably guess where this leads. But let's not go too far.

  • Cybertech Europe 2026 cybersecurity conference in Rome with the IT industry as Official Media Partner
    Cybertech Europe 2026 is one of Europe's leading cybersecurity conferences, bringing together cybersecurity leaders, government officials, technology innovators, startups, investors, and enterprise decision-makers in Rome. The IT industry serves as an Official Media Partner, providing event coverage, executive interviews, industry insights, and cybersecurity news for Nordic and European audiences.
    ADVERTISEMENT

  • Maciek Szczesniak featured on IT-Branschen Wire Channel Magic Chats podcast banner
    Maciek Szczesniak appears on IT-Branschen Wire Channel Magic Chats, discussing leadership, innovation, digital transformation, and business services.
    SPONSORED

  • The IT industry Nordic technology media platform covering cybersecurity, cloud, AI, digital transformation, channel, MSP and enterprise IT news
    The IT industry is a leading Nordic technology media platform covering cybersecurity news, artificial intelligence, cloud computing, enterprise IT, digital transformation, managed services, channel partners, software development, telecommunications, data centers, IT infrastructure, technology leadership, business innovation, and emerging technologies. Through executive interviews, industry analysis, event coverage, thought leadership, product launches, vendor updates, and market insights, the IT industry connects technology decision-makers, CIOs, CISOs, CTOs, IT managers, MSPs, resellers, distributors, technology vendors, startups, and enterprise organizations across Sweden, Norway, Denmark, Finland, and Europe. Coverage includes cybersecurity trends, AI adoption, cloud strategy, enterprise software, networking, digital infrastructure, sustainability, compliance, governance, risk management, automation, data analytics, and future technology developments.
    OWN CONTENT

  • VORTIQ-X AI Governance helps companies transform AI into controllable and verifiable business value.
    VORTIQ-X is an AI Governance platform that helps organizations govern, verify, and create measurable business value from AI. The platform focuses on transparency, compliance, AI governance, and the effective use of AI in mission-critical processes.
    ADVERTISEMENT

Shady archive, strange warnings

Reddit user huggesh_nair reported that he was given access to a private archive on Github, where they were supposed to download application data for the task. The installation failed, and then the system asked for permission to install a Python package (Python is a scripting language commonly used by developers to automate and facilitate certain tasks). With no recollection of any reason why this would happen, the user became cautious and turned to Reddit for advice. They were told that this seemed extremely suspicious, and that the best course of action was probably to restore the system. This wasn't bad advice, because it turned out that this task came with a little something extra.

In particular, there are some heavily garbled scripts among the downloaded the information from the archiveThese, as it turns out, steal data from a variety of browsers. It's session tokens, stored passwords, and crypto wallets that these malicious scripts are after.

Screenshot of a document describing the background to a sample assignment and containing mockups of a shopping platform's products. The assignment is to create an integration of AR, VR, and various other technologies.
The work instructions are in a file stored on Google Docs. There are also links to other files for the candidate to download.

A familiar tactic

This tactic sounds familiar – stealing this kind of data is quite common and we’ve seen cases involving direct messages on social media platforms before. And these types of attacks cost victims not only their accounts, but potentially a lot of money. In the case of these fake job ads/work samples or “tech tests”, as they are sometimes called, the job seeker (we use quotes here because they technically weren’t actively looking for a job, but were contacted by a supposed “recruiter”) is expected to submit a CV. Again, common practice for any hiring process, and therefore not immediately suspicious. However, in this case, a legitimate CV, where we can assume the information is accurate, complete and up-to-date, is being sent to a criminal organisation. You can use your own imagination to think about what criminals might do with such information. One scenario that comes to mind is creating fake job applications for positions involving remote work. This is something that has also happened before – North Korean actors have been known to successfully infiltrate businesses and pretend to be real applicants doing real work. And while some fake applications are easy to spot, AI technology is actively used to create very convincing fakes that even hold their own during a video call.

Who did it?

North Korean group Lazarus is behind this. It would make sense since this group has been known to steal data from computers and empty bank accounts and crypto wallets to – there is a theory that it is As for who is behind these attacks to fill the coffers of the North Korean regime. Chainalysis has estimated that North Korea has confiscated over 1 billion USB drives from cryptocurrency theft alone.

How to protect yourself from criminals posing as recruiters

So if you're currently open to a new job and are contacted by someone claiming to be looking for someone with your qualifications, there are a few things to watch out for:

  1. Make sure there is another way to contact them, either by mail or phone.
    No legitimate recruiter should refuse you to contact them through another channel.
  2. When you are tasked with providing a work sample or taking a “technical test,” pay attention to the source of the information you are given.
  3. A Github repo with a somewhat random username that is in no way connected to the company you probably work for is a big red flag.
  4. Check the website of the company the person contacting you claims to work for. If you don't find a job opening there that matches your skills profile (or even no job openings at all), this may warrant a little caution.
  5. Be careful with email domains. If you get an email address, make sure it matches the company website. Pay special attention to things like character substitutions, such as l and I (lowercase “L” as in Lima compared to uppercase “I”, as in India).

Stay up to date with the most important news

By pressing the Subscribe button, you confirm that you have read and agree to our privacy policy and terms of use
  • Maciek Szczesniak featured on IT-Branschen Wire Channel Magic Chats podcast banner
    Maciek Szczesniak appears on IT-Branschen Wire Channel Magic Chats, discussing leadership, innovation, digital transformation, and business services.
    SPONSORED

  • VORTIQ-X AI Governance helps companies transform AI into controllable and verifiable business value.
    VORTIQ-X is an AI Governance platform that helps organizations govern, verify, and create measurable business value from AI. The platform focuses on transparency, compliance, AI governance, and the effective use of AI in mission-critical processes.
    ADVERTISEMENT

  • The IT industry Nordic technology media platform covering cybersecurity, cloud, AI, digital transformation, channel, MSP and enterprise IT news
    The IT industry is a leading Nordic technology media platform covering cybersecurity news, artificial intelligence, cloud computing, enterprise IT, digital transformation, managed services, channel partners, software development, telecommunications, data centers, IT infrastructure, technology leadership, business innovation, and emerging technologies. Through executive interviews, industry analysis, event coverage, thought leadership, product launches, vendor updates, and market insights, the IT industry connects technology decision-makers, CIOs, CISOs, CTOs, IT managers, MSPs, resellers, distributors, technology vendors, startups, and enterprise organizations across Sweden, Norway, Denmark, Finland, and Europe. Coverage includes cybersecurity trends, AI adoption, cloud strategy, enterprise software, networking, digital infrastructure, sustainability, compliance, governance, risk management, automation, data analytics, and future technology developments.
    OWN CONTENT

  • Cybertech Europe 2026 cybersecurity conference in Rome with the IT industry as Official Media Partner
    Cybertech Europe 2026 is one of Europe's leading cybersecurity conferences, bringing together cybersecurity leaders, government officials, technology innovators, startups, investors, and enterprise decision-makers in Rome. The IT industry serves as an Official Media Partner, providing event coverage, executive interviews, industry insights, and cybersecurity news for Nordic and European audiences.
    ADVERTISEMENT