Malware Attack Targets Crypto Wallets via Fake Job Offers

February 5, 2025

By Ravie Lakshmanan

A North Korea-linked group, known as the Lazarus Group, has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems.

The campaign, which has been reported to be active, leverages fake job offers on LinkedIn and Reddit, with minor tweaks to the overall attack chain. In some cases, the candidates are asked to clone a Web3 repository and run it locally as part of an interview process, while in others they are instructed to fix intentionally introduced bugs in the code.

One of the Bitbucket repositories in question refers to a project named miketoken_v2. It is no longer accessible on the code hosting platform.

This disclosure comes a day after SentinelOne revealed that the Contagious Interview campaign is being used to deliver another malware codenamed FlexibleFerret.

Stay Up-to-Date with the Latest Cybersecurity News

Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Read More:

• JavaScript Stealer Targets Crypto Wallets
• Contagious Interview Campaign Delivers FlexibleFerret Malware