
Fake Job Recruiters Hid Malware In Developer Coding Challenges (bleepingcomputer.com)

"A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks," reports the Register. Researchers at software supply-chain security company ReversingLabs say that the threat actor creates fake companies in the blockchain and crypto-trading sectors and publishes job offerings on various platforms, like LinkedIn, Facebook, and Reddit. Developers applying for the job are required to show their skills by running, debugging, and improving a given project. However, the attacker's purpose is to make the applicant run the code... [The campaign involves 192 malicious packages published in the npm and PyPI registries. The packages download a remote access trojan that can exfiltrate files, drop additional payloads, or execute arbitrary commands sent from a command-and-control server.]

In one case highlighted in the ReversingLabs report, a package named 'bigmathutils,' with 10,000 downloads, was benign until it reached version 1.1.0, which introduced malicious payloads. Shortly after, the threat actor removed the package, marking it as deprecated, likely to conceal the activity... The RAT checks whether the MetaMask cryptocurrency extension is installed on the victim's browser, a clear indication of its money-stealing goals...

ReversingLabs has found multiple variants written in JavaScript, Python, and VBS, showing an intention to cover all possible targets.

The campaign has been ongoing since at least May 2025...
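The pattern above, a package that is clean at one version and carries a payload at the next, plus dependencies the applicant is expected to install and run on a deadline, is something a candidate can partially check offline before executing anything. As an added example, not code from ReversingLabs or from the article, the Python below audits a challenge project on disk: it flags npm lifecycle scripts (preinstall, install, postinstall, prepare) in the project manifest and in every package already present under node_modules, dependencies fetched from git, tarball or local paths instead of the registry, unpinned version ranges in the project's own manifest, and requirements.txt lines that pip would install without a hash or from an alternate index. Every package name, path and digest in it is constructed for the demonstration (trading-bot-challenge, example-math-helper, clean-lib, internal-sdk, git.example.invalid, pypi.example.invalid); none of them is the package the report describes. What it cannot see is registry-side state such as a deprecation flag or a publish date, which needs a network lookup (for example `npm view <pkg> deprecated`).

```python
"""Offline pre-run audit of a 'coding challenge' project: npm manifests in the
project and under node_modules, plus a pip requirements file.

Added example, not code from ReversingLabs or the article. All package names,
paths and hashes below are constructed for the demonstration.
"""
import json
import os
import re
import tempfile

# npm runs these automatically during `npm install`, before you execute anything
# yourself; a release that newly gains one is the benign-then-malicious pattern.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# Dependency specs that bypass the registry entirely (git, tarball, local path).
NON_REGISTRY = re.compile(r"^(git\+|git:|github:|https?://|file:|link:)")
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$")


def audit_manifest(manifest, where, check_pins):
    """Findings for one package.json dict. `where` labels it in the report; pin
    checks only make sense for the top-level project, not for installed deps."""
    findings = []
    scripts = manifest.get("scripts") or {}
    for hook in LIFECYCLE_HOOKS:
        if hook in scripts:
            findings.append(f"{where}: '{hook}' script runs at install time: {scripts[hook]}")
    for field in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in (manifest.get(field) or {}).items():
            if NON_REGISTRY.match(spec):
                findings.append(f"{where}: {name} resolved outside the registry ({spec})")
            elif check_pins and not EXACT_VERSION.match(spec):
                findings.append(f"{where}: {name} not pinned to an exact version ({spec})")
    return findings


def installed_packages(node_modules):
    """Yield (name, manifest) for every package directly under node_modules,
    including scoped packages (@org/name) one directory level deeper."""
    if not os.path.isdir(node_modules):
        return
    for entry in sorted(os.listdir(node_modules)):
        names = [entry]
        if entry.startswith("@") and os.path.isdir(os.path.join(node_modules, entry)):
            names = [f"{entry}/{sub}" for sub in sorted(os.listdir(os.path.join(node_modules, entry)))]
        for name in names:
            path = os.path.join(node_modules, name, "package.json")
            if os.path.isfile(path):
                with open(path) as f:
                    yield name, json.load(f)


def audit_npm_project(root):
    """Audit the project's own manifest and everything already installed under it."""
    with open(os.path.join(root, "package.json")) as f:
        findings = audit_manifest(json.load(f), "project", check_pins=True)
    for name, manifest in installed_packages(os.path.join(root, "node_modules")):
        label = f"node_modules/{name}@{manifest.get('version', '?')}"
        findings += audit_manifest(manifest, label, check_pins=False)
    return findings


def audit_requirements(text):
    """Flag requirements.txt lines pip would install without a hash, from a
    URL/VCS instead of PyPI, or from an alternate index."""
    findings = []
    for raw in text.replace("\\\n", " ").splitlines():  # join backslash continuations
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith(("--index-url", "--extra-index-url", "-i ")):
            findings.append(f"requirements: alternate package index: {line}")
        elif line.startswith(("-e ", "git+", "http://", "https://", "file:")):
            findings.append(f"requirements: installed from a URL/VCS, not PyPI: {line}")
        elif "--hash=" not in line:
            findings.append(f"requirements: no --hash, pip cannot verify the artifact: {line}")
    return findings


def build_sample_project():
    """Constructed challenge tree: one clean dep, one dep whose 1.1.0 release gained
    a postinstall hook, one dep pulled from git. Fictional names, not real packages."""
    root = tempfile.mkdtemp(prefix="challenge-")

    def write(rel, manifest):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            json.dump(manifest, f)

    write("package.json", {"name": "trading-bot-challenge", "version": "0.1.0", "dependencies": {
        "example-math-helper": "^1.0.0", "clean-lib": "2.0.0",
        "internal-sdk": "git+https://git.example.invalid/internal-sdk.git"}})
    write("node_modules/clean-lib/package.json", {"name": "clean-lib", "version": "2.0.0"})
    write("node_modules/example-math-helper/package.json", {
        "name": "example-math-helper", "version": "1.1.0",
        "scripts": {"postinstall": "node setup.js"}})
    return root


# Constructed requirements file; the sha256 value is a placeholder, not a real digest.
SAMPLE_REQUIREMENTS = """\
requests==2.32.3 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
pyyaml>=6.0
--extra-index-url https://pypi.example.invalid/simple
"""

if __name__ == "__main__":
    for finding in audit_npm_project(build_sample_project()) + audit_requirements(SAMPLE_REQUIREMENTS):
        print(finding)
```

A postinstall hook added in a version bump is only visible here if the package is already on disk, so on a fresh clone install first with `npm ci --ignore-scripts` (or `pip install --require-hashes -r requirements.txt`, which refuses any unhashed line), then audit, then decide whether to run anything at all, preferably in a throwaway VM with no wallet extensions and no credentials on it.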

  • Can a cesspool of the vanities become a black hole? Just asking for a friend (who hasn't retired yet).

    The vanity in this particular case is thinking you are so valuable that the phishers would want to hire you. But I kind of like the recursive nature of breaching you so they can go after your references and contacts, too.

    • by shanen ( 462549 ) on Sunday February 15, 2026 @12:56PM (#65990458)

      Did I FP? I confess that possibility was a factor in not writing at my usual length, but now I'm thinking of two examples for your consideration:

      (1) LinkedIn as the home of fake recruiters harvesting personal information.

      (2) YouTube as the source of the best AI-powered phishing scam I've seen yet. My theory of the case is that they went after people who had commented on a famous author's videos on YouTube. The email seemed to come from the author and seemed to be related to one of the projects he'd described in some of those videos. I got suspicious mostly because the answers to my questions were too responsive. They did sound exactly like the author, but surely such a busy guy has more important business than quickly answering my trivial questions. So I checked via the author's public website and "the secretary disavowed all knowledge" of the phishing scam, whatever it was in detail.

      Funny solution time: Regulate the generative AIs so they aren't allowed to impersonate humans. Require that they sound like aliens. The truth is that they are some form of alien intelligence. Maybe require that they use a style filter to sound like the ET that phoned home? Or force them to talk like the robot in "Lost in Space"? Something distinctively not to be confused with an actual human being.

      • I can detect AI style bullshit a good percentage of the time. There's just something about how it writes that's too much like ad copy. Worst case I run into a few false positives from writers who are insufferably full of themselves.

        If more people were better readers, more people would detect more AI bullshit.

        The literacy level in the USA is pathetic.

        • by shanen ( 462549 )

          My reaction candidates are "Mod parent funny" or "You talking to me?" but at least I don't think I could be mistaken for a polite AI. Do any of the generative AIs have a "be rude" mode? (Musk's AI leaps to mind as a candidate tool for such abuse, but I've never tried it.)

          • I haven't messed with any of them recently but you used to be able to get any of them to do basically anything in any style by asking them to mock it for illustrative purposes.

  • Desperation (Score:5, Informative)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Sunday February 15, 2026 @12:46PM (#65990448)

    It's tempting to declare that these are failing results from people who shouldn't be employed in these industries anyway due to their gullibility, and it's not entirely wrong, but it's also noteworthy that desperation increases vulnerability. The jobs report [kvia.com] says there was net job creation, but where are the jobs? [bbc.com] Is the claim of job creation as false as the expectations of 2025? [nepm.org]

    • by Somervillain ( 4719341 ) on Sunday February 15, 2026 @01:23PM (#65990498)

      It's tempting to declare that these are failing results from people who shouldn't be employed in these industries anyway due to their gullibility, and it's not entirely wrong, but it's also noteworthy that desperation increases vulnerability.

      So just how smart and sharp were you after graduating? You're clearly old. Just because there was barely any internet when you started your career, sparing you from this trap, doesn't mean you wouldn't have fallen for it. The whole point of hiring someone is having them grow into the role...only shitholes expect you to know everything coming in...because they want to hire you for as short as possible and fire you.

      REAL employers?...they have proprietary software and custom workflows and need many months for you to be productive. They need more than a basic Spring Boot CRUD app. They need to train you to maintain sophisticated software. You're not chosen based on what you know, but for your ability to adapt and become what the employer needs.

      Shitholes hire commodities. Good employers invest in people.

      • by tlhIngan ( 30335 )

        The thing to note is this is 2026, and we have full IDEs in web browsers, so the need to download, install, or do anything that modifies your computer is basically nil.

        My present employer needed to do a coding test, and they had one set up on one of these sites. It presents a text editor with the function you write, and you write it. You can then click the green arrow to run the program with the test cases and see the results. If you make a syntax error, the compiler output is shown. They even say to try the

      • So just how smart and sharp were you after graduating?

        On a regular basis, my employer sends me test phishing emails. I have to use my brain, including common sense, to determine which ones they are. Most of them are very obvious, but a few of them are sneaky. My employer would be very upset with me if I were gullible. I would have to do trainings about it designed to make me more suspicious.

        Shitholes hire commodities. Good employers invest in people.

        Which of those is someone dumb enough to install software from an unknown source outside of a VM?

        • So just how smart and sharp were you after graduating?

          On a regular basis, my employer sends me test phishing emails. I have to use my brain, including common sense, to determine which ones they are. Most of them are very obvious, but a few of them are sneaky. My employer would be very upset with me if I were gullible. I would have to do trainings about it designed to make me more suspicious.

          Shitholes hire commodities. Good employers invest in people.

          Which of those is someone dumb enough to install software from an unknown source outside of a VM?

          You're an experienced professional. You know this now. I know this now. When I was 22?...well...just because someone is young and dumb doesn't mean they deserve to have their identity stolen by the North Koreans. You keep talking about your employer. You're fucking employed. You're not on the job market...neither am I. I am very good at my job and in demand. If I wasn't, I'd be willing to jump through hoops.

          Also, let's assume because this is from North Korea, it was obvious and poorly done. But.

    • by Anonymous Coward

      It's tempting to declare that these are failing results from people who shouldn't be employed in these industries anyway due to their gullibility, and it's not entirely wrong, but it's also noteworthy that desperation increases vulnerability.

      I'd like to think it shouldn't be tempting to declare that regardless of "desperation" (or age). Though I'm sure many will. If a company gives you 24 hours to complete an interview project, is your first step going to be to go audit all the libraries the code depends on, and perform a network analysis to make sure it's not doing anything funky? Or is it going to be to pull down the code and start running it?

      I mean sure, I guess now that people might be aware this is a thing bad actors might be doing, some

      • I think more about being alert to obviously suspicious signs, usually these malicious fake companies make a bunch of errors you should be catching. But if you're desperate, you're not at your best. You're more likely to miss things.

    • Then there are jobs. We are at the point where there are some people who just cannot have a job. Full stop.

      And this is the people actively looking. These are not all the people who are massively underemployed or who have stopped looking. If you take functional unemployment into account, which is the same people who do not make enough money to afford a studio apartment and food, we are at 25% functional unemployment.

      I keep saying this, but the center cannot hold. We cannot keep this up. There will be

  • ...everything associated with cryptocurrency is a scam

  • by Anonymous Coward

    Hang out in the depths, get caught in the trawl.

  • by PCM2 ( 4486 ) on Sunday February 15, 2026 @01:46PM (#65990538)

    Why are you attributing this story to The Register, when all your links are to somewhere else?

  • by oldgraybeard ( 2939809 ) on Sunday February 15, 2026 @01:48PM (#65990544)

    But are unusable in the real world.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      No, they really aren't good concepts. An unverified package repository is a horrible idea. Either you should do what Linux distros do and have a collection of trusted maintainers decide what packages get into the official repository or have package references include their source (e.g. a full GitHub URL including the username like Vim bundles use), so it's very clear you're trusting some random person/organization. NPM/PyPi looking authoritative without any verification makes installing random packages look
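The comment above makes the point that a registry name carries no verification by itself. The artifact that does carry verification is the lockfile: npm's package-lock.json (lockfileVersion 2 and 3) records, for each installed package, the resolved tarball URL, a subresource-integrity digest, and a hasInstallScript flag. As an added example, not the commenter's code and not from the article, the Python below checks a lockfile for entries with no integrity digest, entries resolved from a host other than registry.npmjs.org, and entries that carry install scripts, and diffs it against a copy reviewed earlier, so that a dependency quietly bumped from 1.0.0 to 1.1.0 (the pattern in the story) shows up as a change even though the challenge's own code did not. Both lockfiles are constructed inline with placeholder names, hosts and digests (trading-bot-challenge, example-math-helper, clean-lib, loader-helper, cdn.example.invalid, sha512-AAAA and so on); none is a real package.

```python
"""Lockfile verification and 'what changed since I last reviewed it' diff for an
npm challenge project. Added example, not the commenter's or the article's code.
Both lockfiles are constructed inline; names, URLs and digests are placeholders.
"""
from urllib.parse import urlparse

TRUSTED_HOSTS = {"registry.npmjs.org"}


def lock_packages(lock):
    """Installed entries from a lockfileVersion 2/3 package-lock.json, keyed by
    node_modules path; skips the root entry ("") and workspace links."""
    return {path: entry for path, entry in lock.get("packages", {}).items()
            if path and not entry.get("link")}


def check_lock(lock):
    """Flag entries npm cannot verify (no integrity digest), entries fetched from a
    host other than the public registry, and entries that run install scripts."""
    findings = []
    for path, entry in lock_packages(lock).items():
        label = f"{path}@{entry.get('version', '?')}"
        resolved = entry.get("resolved")
        if not resolved:
            findings.append(f"{label}: no resolved URL")
        elif urlparse(resolved).hostname not in TRUSTED_HOSTS:
            findings.append(f"{label}: resolved from {urlparse(resolved).hostname}")
        if not entry.get("integrity"):
            findings.append(f"{label}: no integrity hash, tarball is not verified")
        if entry.get("hasInstallScript"):
            findings.append(f"{label}: hasInstallScript (runs code during npm install)")
    return findings


def diff_locks(reviewed, current):
    """Entries added, removed, or changed (version or integrity) since a lockfile
    you previously reviewed. A version bump on a dependency you never touched is
    exactly what a benign-then-malicious release looks like from the consumer side."""
    old, new = lock_packages(reviewed), lock_packages(current)
    changes = []
    for path in sorted(set(old) | set(new)):
        a, b = old.get(path), new.get(path)
        if a is None:
            changes.append((path, "added", b.get("version")))
        elif b is None:
            changes.append((path, "removed", a.get("version")))
        elif (a.get("version"), a.get("integrity")) != (b.get("version"), b.get("integrity")):
            changes.append((path, "changed", f"{a.get('version')} -> {b.get('version')}"))
    return changes


def _entry(name, version, host="registry.npmjs.org", integrity=None, **extra):
    """Build one constructed lockfile entry in the shape npm writes."""
    entry = {"version": version, "resolved": f"https://{host}/{name}/-/{name}-{version}.tgz"}
    if integrity:
        entry["integrity"] = integrity
    entry.update(extra)
    return entry


# Constructed: the lockfile as it looked when the challenge was first reviewed ...
REVIEWED_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "trading-bot-challenge", "version": "0.1.0"},
    "node_modules/clean-lib": _entry("clean-lib", "2.0.0", integrity="sha512-BBBB"),
    "node_modules/example-math-helper": _entry("example-math-helper", "1.0.0", integrity="sha512-AAAA"),
}}
# ... and after the 'recruiter' re-sent it with a small fix.
CURRENT_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "trading-bot-challenge", "version": "0.1.0"},
    "node_modules/clean-lib": _entry("clean-lib", "2.0.0", integrity="sha512-BBBB"),
    "node_modules/example-math-helper": _entry("example-math-helper", "1.1.0",
                                               integrity="sha512-CCCC", hasInstallScript=True),
    "node_modules/loader-helper": _entry("loader-helper", "0.0.1", host="cdn.example.invalid"),
}}

if __name__ == "__main__":
    for finding in check_lock(CURRENT_LOCK):
        print(finding)
    for path, kind, detail in diff_locks(REVIEWED_LOCK, CURRENT_LOCK):
        print(f"{kind}: {path} {detail}")
```

Run the check before `npm ci --ignore-scripts`, which installs exactly what the lockfile records and skips the lifecycle hooks. A challenge shipped without a lockfile, or one the "recruiter" asks you to regenerate, leaves nothing to verify against, which is itself a signal.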