North Korean hackers target crypto workers with fake interviews

At least 230 individuals were targeted by North Korean hackers using fake cryptocurrency job interviews between January and March 2025 as part of the ongoing Contagious Interview campaign. The attackers impersonated companies like Robinhood and eToro, creating dozens of fake websites where victims were tricked into running malicious commands through fabricated error messages. Security researchers observed the hackers coordinating through Slack and monitoring threat intelligence platforms to evade detection while making minimal infrastructure changes. Beyond fake interviews, the same threat actors also posed as investment institution employees on Telegram and deployed sophisticated backdoors like PondRAT and RemotePE to maintain persistent access to compromised networks.

Read more:

https://www.securityweek.com/north-korean-hackers-targeted-hundreds-in-fake-job-interview-attacks/