Scams can appear anywhere users are active, including job recruitment on LinkedIn. Recent reports reveal that North Korean threat actors are exploiting LinkedIn job postings to distribute the COVERTCATCH malware. This operation involves creating fake job advertisements on LinkedIn. When potential candidates engage in personal discussions, the attackers send a ZIP file that contains COVERTCATCH, disguised as a Python programming test. This malware is used to target macOS systems. If downloaded, it proceeds to install a payload that sets up Launch Agents and Launch Daemons, ensuring persistence and potentially leading to more severe consequences than just data theft.
Sources highlight that this technique is similar to previous North Korean operations, such as Operation Dream Job and Contagious Interview, where job scams were used to deliver malware.
Job seekers should be cautious if they encounter such suspicious job offers, as they may be scams masked as legitimate recruitment on LinkedIn.