{"id":57022,"date":"2024-09-05T14:50:46","date_gmt":"2024-09-05T14:50:46","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/36303\/North-Korean-Hackers-Target-Job-Seekers-With-Fake-App.html"},"modified":"2024-09-05T14:50:46","modified_gmt":"2024-09-05T14:50:46","slug":"north-korean-hackers-target-job-seekers-with-fake-app","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/","title":{"rendered":"North Korean Hackers Target Job Seekers With Fake App"},"content":{"rendered":"<div class=\"separator\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgiBB9ZcpErY96m12zTHmpAjWSz85vx3RP4bPUv4Qqu3WrToApYYBUyVHQ2VHl04c6Eg2HhKpz8LsW7H_REOrQ81Dq4HdRvjV9_P6X7xMsoxpFEPuYDKCo7RCUOrwaXbkEkOtieNifdeAgDpccT_H9l30Bsm-2UVm6abTquTlIk0j8L9lMiKYPDjt6i_Y9z\/s728-rw-e365\/northkorea.jpg\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgiBB9ZcpErY96m12zTHmpAjWSz85vx3RP4bPUv4Qqu3WrToApYYBUyVHQ2VHl04c6Eg2HhKpz8LsW7H_REOrQ81Dq4HdRvjV9_P6X7xMsoxpFEPuYDKCo7RCUOrwaXbkEkOtieNifdeAgDpccT_H9l30Bsm-2UVm6abTquTlIk0j8L9lMiKYPDjt6i_Y9z\/s728-rw-e365\/northkorea.jpg\" alt border=\"0\" data-original-height=\"380\" data-original-width=\"728\"><\/a><\/div>\n<p>North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview.<\/p>\n<p>The new attack wave, <a href=\"https:\/\/www.group-ib.com\/blog\/apt-lazarus-python-scripts\/\" rel=\"noopener\" target=\"_blank\">spotted<\/a> by Singaporean company Group-IB in mid-August 2024, is yet another indication that the activity is also leveraging native installers for Windows and Apple macOS to deliver malware.<\/p>\n<p>Contagious Interview, also tracked as DEV#POPPER, is a <a href=\"https:\/\/thehackernews.com\/2024\/07\/north-korean-hackers-update-beavertail.html\" rel=\"noopener\" target=\"_blank\">malicious campaign<\/a> orchestrated by a North Korean threat actor tracked by CrowdStrike under the moniker Famous Chollima.<\/p>\n<p>The attack chains begin with a fictitious job interview, tricking job seekers into downloading and running a Node.js project that contains the BeaverTail downloader malware, which in turn delivers InvisibleFerret, a cross-platform Python backdoor that&#8217;s equipped with remote control, keylogging, and browser stealing capabilities.<\/p>\n<div class=\"dog_two clear\"><center class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/inside-a-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi2H3KGarNwUXw2G9bTmqTFZkjtGyffuGXwM5zNDNY926RbGgqkg2rV_QdswEuTgvutXtTMueFpLLsVRPnkKK9eQB4QwkBSDt5BdMgEyXaxPGeiRRcvBUNOAvYYnjAndCRT9Z_9VIofxJL9FEoxeouzHV_MU0wT7M-H-_sd5BT-LzSVvjmYhjrhD-lfl2Q2\/s728-rw-e100\/inside-a-d.jpg\" width=\"727\" height=\"90\"><\/a><\/center><\/div>\n<p>Some iterations of BeaverTail, which also functions as an information stealer, have manifested in the form of JavaScript malware, typically distributed via <a href=\"https:\/\/thehackernews.com\/2024\/08\/north-korean-hackers-target-developers.html\" rel=\"noopener\" target=\"_blank\">bogus npm packages<\/a> as part of a purported technical assessment during the interview process.<\/p>\n<p>But that changed in July 2024 when Windows MSI installer and Apple macOS disk image (DMG) files masquerading as the legitimate MiroTalk video conferencing software were discovered in the wild, acting as a conduit to deploy an updated version of BeaverTail.<\/p>\n<p>The latest findings from Group-IB, which has attributed the campaign to the infamous Lazarus Group, suggest that the threat actor is continuing to lean on this specific distribution mechanism, the only difference being that the installer (&#8220;FCCCall.msi&#8221;) mimics FreeConference.com instead of MiroTalk.<\/p>\n<p>It&#8217;s believed that the phony installer is downloaded from a website named freeconference[.]io, which uses the same registrar as the fictitious mirotalk[.]net website.<\/p>\n<p>&#8220;In addition to Linkedin, Lazarus is also actively searching for potential victims on other job search platforms such as WWR, Moonlight, Upwork, and others,&#8221; security researcher Sharmine Low said.<\/p>\n<p>&#8220;After making initial contact, they would often <a href=\"https:\/\/www.reddit.com\/r\/webdev\/comments\/1ddpmiz\/beware_of_scammers\/\" rel=\"noopener\" target=\"_blank\">attempt to move the conversation<\/a> onto Telegram, where they would then ask the potential interviewees to download a video conferencing application, or a Node.js project, to perform a technical task as part of the interview process.&#8221;<\/p>\n<p>In a sign that the campaign is undergoing active refinement, the threat actors have been observed injecting the malicious JavaScript into both cryptocurrency- and gaming-related repositories. The JavaScript code, for its part, is designed to retrieve the BeaverTail Javascript code from the domain ipcheck[.]cloud or regioncheck[.]net.<\/p>\n<div class=\"separator\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIl98NSMSy4UDfnG2hVv0nLXYLn4DdHXBTIS33LgpizDZVjriXMOoO6GFZ9oLnZyjMx0jA8IxduUNv3nHIS7zlHB4gDKq4SFh5ZDWOWVqh-4pEJRxx1b2mLBFwackr11lf7ojEiTxP5riNlvxf3-v21zQbzxce_oDQeQx46tJ4iIc-EXQsdT9_W7PPBzys\/s728-rw-e365\/gib.png\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIl98NSMSy4UDfnG2hVv0nLXYLn4DdHXBTIS33LgpizDZVjriXMOoO6GFZ9oLnZyjMx0jA8IxduUNv3nHIS7zlHB4gDKq4SFh5ZDWOWVqh-4pEJRxx1b2mLBFwackr11lf7ojEiTxP5riNlvxf3-v21zQbzxce_oDQeQx46tJ4iIc-EXQsdT9_W7PPBzys\/s728-rw-e365\/gib.png\" alt border=\"0\" data-original-height=\"779\" data-original-width=\"1680\"><\/a><\/div>\n<p>It&#8217;s worth mentioning here that this behavior was also recently highlighted by software supply chain security firm Phylum in connection with an npm package named <a href=\"https:\/\/thehackernews.com\/2024\/08\/north-korean-hackers-target-developers.html\" rel=\"noopener\" target=\"_blank\">helmet-validate<\/a>, suggesting that the threat actors are simultaneously making use of different propagation vectors.<\/p>\n<p>Another notable change is that BeaverTail is now configured to extract data from more cryptocurrency wallet extensions such as Kaikas, Rabby, Argent X, and Exodus Web3, in addition to implementing functionality to establish persistence using AnyDesk.<\/p>\n<p>That&#8217;s not all. BeaverTail&#8217;s information-stealing features are now realized through a set of Python scripts, collectively called CivetQ, which is capable of harvesting cookies, web browser data, keystrokes, and clipboard content, and delivering more scripts. A total of 74 browser extensions are targeted by the malware.<\/p>\n<p>&#8220;The malware is able to steal data from Microsoft Sticky Notes by targeting the application&#8217;s SQLite database files located at `%LocalAppData%\\Packages\\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\\LocalState\\plum.sqlite,` where user notes are stored in an unencrypted format,&#8221; Low said.<\/p>\n<p>&#8220;By querying and extracting data from this database, the malware can retrieve and exfiltrate sensitive information from the victim&#8217;s Sticky Notes application.&#8221;<\/p>\n<section class=\"dog_two clear\"><center class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/hkn-cis-secure-d\" target=\"_blank\" title=\"Cybersecurity\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEg2e9gX8qql2VnlnmxwogUuF-47r3ia7SyqmezFG6mEhyz_u_mhnC1Bx6oO2bUN1mxYeuiVthhKTjLt1id9tM1EUXlElUGXu0RgmOxEshQnythfmriGfYfNYC8SaEjKMmkGMSTqPiMge66F2SndOSMQx7DpyzhyW9tayLJPJjTdG0LiQs4OtPk5BZW_RsWS\/s728-rw-e100\/cis-d.gif\" width=\"727\" height=\"90\"><\/a><\/center><\/section>\n<p>The emergence of CivetQ points to a modularized approach, while also underscoring that the tools are under active development and have been constantly evolving in little increments over the past few months.<\/p>\n<p>&#8220;Lazarus has updated their tactics, upgraded their tools, and found better ways to conceal their activities,&#8221; Low said. &#8220;They show no signs of easing their efforts, with their campaign targeting job seekers extending into 2024 and to the present day. Their attacks have become increasingly creative, and they are now expanding their reach across more platforms.&#8221;<\/p>\n<p>The disclosure comes as the U.S. Federal Bureau of Investigation (FBI) warned of North Korean cyber actors&#8217; aggressive targeting of the cryptocurrency industry using &#8220;well-disguised&#8221; social engineering attacks to facilitate cryptocurrency theft.<\/p>\n<p>&#8220;North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen,&#8221; the FBI <a href=\"https:\/\/www.ic3.gov\/Media\/Y2024\/PSA240903\" rel=\"noopener\" target=\"_blank\">said<\/a> in an advisory released Tuesday, stating the threat actors scout prospective victims by reviewing their social media activity on professional networking or employment-related platforms.<\/p>\n<p>&#8220;Teams of North Korean malicious cyber actors identify specific DeFi or cryptocurrency-related businesses to target and attempt to socially engineer dozens of these companies&#8217; employees to gain unauthorized access to the company&#8217;s network.&#8221;<\/p>\n<p><\/p>\n<div class=\"cf note-b\" readability=\"7.4311926605505\">Found this article interesting? Follow us on <a href=\"https:\/\/twitter.com\/thehackersnews\" rel=\"noopener\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a> and <a href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" rel=\"noopener\" target=\"_blank\">LinkedIn<\/a> to read more exclusive content we post.<\/div>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/36303\/North-Korean-Hackers-Target-Job-Seekers-With-Fake-App.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":57023,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[11033],"class_list":["post-57022","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackergovernmentmalwareconferencenorth-korea"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>North Korean Hackers Target Job Seekers With Fake App 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"North Korean Hackers Target Job Seekers With Fake App 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-05T14:50:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgiBB9ZcpErY96m12zTHmpAjWSz85vx3RP4bPUv4Qqu3WrToApYYBUyVHQ2VHl04c6Eg2HhKpz8LsW7H_REOrQ81Dq4HdRvjV9_P6X7xMsoxpFEPuYDKCo7RCUOrwaXbkEkOtieNifdeAgDpccT_H9l30Bsm-2UVm6abTquTlIk0j8L9lMiKYPDjt6i_Y9z\/s728-rw-e365\/northkorea.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/north-korean-hackers-target-job-seekers-with-fake-app\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/north-korean-hackers-target-job-seekers-with-fake-app\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"North Korean Hackers Target Job Seekers With Fake App\",\"datePublished\":\"2024-09-05T14:50:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/north-korean-hackers-target-job-seekers-with-fake-app\\\/\"},\"wordCount\":813,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/north-korean-hackers-target-job-seekers-with-fake-app\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/north-korean-hackers-target-job-seekers-with-fake-app.webp\",\"keywords\":[\"headline,hacker,government,malware,conference,north korea\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/north-korean-hackers-target-job-seekers-with-fake-app\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/north-korean-hackers-target-job-seekers-with-fake-app\\\/\",\"name\":\"North Korean Hackers Target Job Seekers With Fake App 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/north-korean-hackers-target-job-seekers-with-fake-app\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/north-korean-hackers-target-job-seekers-with-fake-app\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/north-korean-hackers-target-job-seekers-with-fake-app.webp\",\"datePublished\":\"2024-09-05T14:50:46+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/north-korean-hackers-target-job-seekers-with-fake-app\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/north-korean-hackers-target-job-seekers-with-fake-app\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/north-korean-hackers-target-job-seekers-with-fake-app\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/north-korean-hackers-target-job-seekers-with-fake-app.webp\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/north-korean-hackers-target-job-seekers-with-fake-app.webp\",\"width\":728,\"height\":380},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/north-korean-hackers-target-job-seekers-with-fake-app\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,malware,conference,north korea\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentmalwareconferencenorth-korea\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"North Korean Hackers Target Job Seekers With Fake App\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"North Korean Hackers Target Job Seekers With Fake App 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/","og_locale":"en_US","og_type":"article","og_title":"North Korean Hackers Target Job Seekers With Fake App 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-09-05T14:50:46+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgiBB9ZcpErY96m12zTHmpAjWSz85vx3RP4bPUv4Qqu3WrToApYYBUyVHQ2VHl04c6Eg2HhKpz8LsW7H_REOrQ81Dq4HdRvjV9_P6X7xMsoxpFEPuYDKCo7RCUOrwaXbkEkOtieNifdeAgDpccT_H9l30Bsm-2UVm6abTquTlIk0j8L9lMiKYPDjt6i_Y9z\/s728-rw-e365\/northkorea.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"North Korean Hackers Target Job Seekers With Fake App","datePublished":"2024-09-05T14:50:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/"},"wordCount":813,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/09\/north-korean-hackers-target-job-seekers-with-fake-app.webp","keywords":["headline,hacker,government,malware,conference,north korea"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/","url":"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/","name":"North Korean Hackers Target Job Seekers With Fake App 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/09\/north-korean-hackers-target-job-seekers-with-fake-app.webp","datePublished":"2024-09-05T14:50:46+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/09\/north-korean-hackers-target-job-seekers-with-fake-app.webp","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/09\/north-korean-hackers-target-job-seekers-with-fake-app.webp","width":728,"height":380},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/north-korean-hackers-target-job-seekers-with-fake-app\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,malware,conference,north korea","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentmalwareconferencenorth-korea\/"},{"@type":"ListItem","position":3,"name":"North Korean Hackers Target Job Seekers With Fake App"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57022","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=57022"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57022\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/57023"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=57022"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=57022"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=57022"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}