North Korean hackers are scamming crypto job seekers on LinkedIn
North Korean hackers have been posing as recruiters on LinkedIn and Telegram, tricking people in the crypto industry with fake job offers.
Victims are asked to download what looks like video interview software, but it's actually malware that steals their login info and helps hackers swipe cryptocurrency from their wallets.
This scam, called "Contagious Interview," hit over 230 people between January and March.
Scammers using AI-generated profiles to look legit
The attackers use front companies and AI-generated profiles to look legit, targeting everyone from coders to executives.
Once someone downloads the fake interview tool, their credentials get stolen for quick crypto thefts.
Investigators have linked this operation to North Korean groups like Lazarus and CL-STA-0240, with stolen funds reportedly topping $1.34 billion last year—money believed to help fund Pyongyang's weapons programs.
Companies like Kraken and Robinhood are trying to shut down scam sites and warn users, but keeping up with new malware tricks is tough.
The FBI and global agencies have also put out alerts about these aggressive scams targeting crypto job seekers.