Job-seeking individuals in the technology industry have a looming threat: cybercriminals posing as recruiters to install malware on their devices. In a recent malicious campaign, attackers targeted job-seekers on LinkedIn, luring them to download and execute malware that masquerades as a legitimate video call application.

These threat actors try to persuade the victims to download and install malware during an online interview that they invite the victim to take part in. Both Windows and macOS users were vulnerable as the attackers compiled BeaverTail malware variants for the two operating systems.

The malicious activity was tracked by Unit 42 of the cybersecurity company Palo Alto Networks.

Unit 42 first announced the activity in November 2023, and since then, there has been additional online activity from the fake recruiters, as well as code updates to two pieces of malware associated with the campaign: the BeaverTail downloader and the InvisibleFerret backdoor.

In a June 2024 article, a fake recruiter account reportedly contacted the writer over LinkedIn. After the attacker set up a technical interview online, he convinced the potential victim to execute malicious code. In this case, the potential victim purposefully ran the code in a virtual environment, which eventually connected back to the attacker's command and control server.