A sophisticated recruitment scam linked to North Korea has emerged, targeting American artificial intelligence developers, software engineers, and cryptocurrency professionals through an elaborate fake job platform.<\/p>\n
Validin security researchers have uncovered a new variant of what they call the \u201cContagious Interview\u201d operation, designed to compromise job seekers through a seemingly legitimate hiring process.<\/p>\n
The campaign uses a fully functional React and Next.js-based job platform hosted at lenvny[.]com that mimics leading technology companies and recruitment software, with surprising polish and authenticity.<\/p>\n
The fake job<\/a> platform presents itself as an \u201cIntegrated AI-Powered Interview Tool\u201d intended for hiring teams. The website features a polished marketing interface, gradient-heavy design, and synthetic branding that appears carefully crafted to align with how the operators believe the AI and tech industry looks in 2025.<\/p>\n This level of sophistication marks a significant escalation from previous DPRK-linked recruitment lures, which typically used basic login forms or simple phishing pages<\/a>.<\/p>\n The platform includes dozens of routes, dynamically generated job listings, and a complete application workflow that mirrors modern hiring systems, making it dangerously convincing to unsuspecting candidates.<\/p>\n Validin security analysts identified<\/a> the malware after the second paragraph, noting that the operation follows a specific infection pattern: LinkedIn message leads to interview process, which directs candidates to record video responses, then prompts them to \u201cfix their webcam\u201d using a helper tool.<\/p>\n This seemingly innocent troubleshooting step actually delivers malware directly to the target\u2019s system.<\/p>\n The infection mechanism operates through what security researchers call the \u201cClickFix\u201d technique, a social engineering<\/a> approach that tricks users into downloading malicious software while appearing to resolve technical issues.<\/p>\n When candidates visit the platform, they encounter job listings specifically designed to attract high-value targets in the artificial intelligence and cryptocurrency sectors.<\/p>\n The application process feels authentic, complete with video interviews and technical assessments that require users to run code or scripts on their machines.<\/p>\n This attack vector leverages the remote-friendly hiring practices common in tech industries, where video interviews and take-home coding assessments are standard.<\/p>\n North Korea targets explicitly this demographic because AI researchers and cryptocurrency professionals<\/a> provide access to valuable assets and expertise.<\/p>\n AI developers have access to proprietary research, model weights, and inference infrastructure, while crypto professionals often operate in environments managing high-value digital assets.<\/p>\n Additionally, individuals in these fields typically maintain workstations with elevated system privileges, development environments, and custom tooling that increase initial payload execution success rates.<\/p>\n Job seekers should verify that company career pages are hosted on official domains and avoid uploading personal documents to unverified platforms.<\/p>\n When asked to execute code during interviews, candidates should review scripts carefully and always run unfamiliar code inside virtual machines or sandboxed environments rather than directly on their primary workstations.<\/p>\n Follow us on\u00a0Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>,\u00a0Set CSN as a Preferred Source in\u00a0Google<\/a>.<\/strong><\/p>\n The post Beware of North Korean Fake Job Platform Targeting U.S. Based AI-Developers<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n![\"A](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj2xbNSBLpELsCdlZ7DqEnGi1xAd-ApOx2qFghqqPA75_2GqkD4yguZW9HGAhNkMNr5Bv24f5uWxebHXZHkhaHbMPo-ByXovpffS-iQ11HgYXt35rVVSrt5yX59u9zVRpqf971PfwxQ8tMg35R93q_SWPNrXCRQKqYDR5t9bsOCdLbxojQmQjsxv72ls7A\/s16000\/A%2520comparison%2520chart%2520of%2520the%2520fake%2520site%2520alongside%2520genuine%2520sites%2520%28Source%2520-%2520Validin%29.webp?ssl=1\")
Infection mechanism<\/strong><\/h2>\n
![\"Job](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiEHwojBLXIvfj0uCtpXmpJZ87x2-eISZvnUehW20mV48V65ZaMcD6qVwyuymMGrppS46A33znfqJvfBAvlqoiC2TxrNgo7Hg97CMg8lM-AmxxKVrS26MCPoKKoIIQI8V-CsNlMP9loX9svvBccPj-qWsPLCJe3C8HpFhcFdI-w1Aaq_9RHE8TVuRqU4Eo\/s16000\/Job%2520application%2520listings%2520for%2520Anthropic%2520advertising%2520a%2520variety%2520of%2520job%2520positions.%2520%28Source%2520-%2520Validin%29.webp?ssl=1\")