Phishing Attacks Against People Seeking Programming Jobs

Feb 27, 2026

This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system.


Posted on February 27, 2026 at 7:04 AM • 5 Comments

This isn’t new at all. It might be new to the North Koreans, but bad actors have been trying to get job applicants to install malware for years in hopes someone will run it on their work machine and it will allow the attacker to get a foothold in the corporate network.

This would be a funny way for a legit company to screen out bad candidates: Include comments that say “Do not run this code as-is or you fail” and if you run it, it contacts the employer and says “The candidate ran the code”. Instead what you want is the candidate to contact you and say “I found the ‘do not run this’ comment” instead.

North Korean group APT37 has a new set of tools for weaponizing removable media, exfiltrating data and operating backdoors dropped on systems in air-gapped networks.

https://www.zscaler.com/blogs/security-research/apt37-adds-new-capabilities-air-gapped-networks

“North Korean group APT37 has a new set of tools for weaponizing removable media”

You left out two important words “Microsoft Windows”.

With Microsoft badly handling Win11 and suffering “self inflicted reputational damage” with the largest calibre of “foot-gun” people are starting to look elsewhere than Microsoft OSs.

I have been pleasantly surprised by how many “Silver Surfers” are moving over to alternative OS’s with considerable ease.

This has been aided for others by the Push for AI taking “PC Upgrades” beyond their financial abilities due to memory and storage scarcity and price increase of 30-50%…

Unlike a Win11 upgrade, moving to alternative OS’s can happen on existing hardware and in quite a few cases make the PC more spritely than when running Win10 or even earlier MS OS’s…

Also the “apps” they actually need on alternative OSs don’t need “cloud connectivity” and all the nonsense that comes with it…

Recent news suggests various EU local Governments are looking at “cost savings” by “Dump the Chump”… Of removing MS and other US Corporate lunacy of AI nonsense and the impossible to meet legal issues it raises.

This is going to cause issues for some APT malware users like APT37.

As for “air-gap crossing” I won’t say it’s “easy” but when I described how to do part of it around a decade and a half ago it was considered by many to be “impossibly difficult” thus not worth considering as a threat vector. I’m glad that some are now taking it a little more seriously and putting it high up in their threat vector risk list.

I would think any serious coder would not run code without first sandboxing, examining and understanding it.


I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc. This personal website expresses the opinions of none of those organizations.
