North Korean cyber threat actors have used LinkedIn to target developers through a fake job-recruiting operation. The attack works like this: the attacker starts a chat over the platform, then sends a ZIP file containing the COVERTCATCH malware, which is disguised as a challenge to prove Python knowledge, according to researchers Robert Wallace, Blas Kojusner, and Joseph Dobson.
How it works
The malware compromises its victim's macOS device by downloading a payload to establish command and control (C2).
Actions on Objective
Once C2 is established, the attacker will attempt to pivot to password managers to access passwords or crypto wallets to steal funds.
What to do
Because these attacks rely on social engineering, the common defenses against that kind of attack apply: make sure the person you are talking to is legitimate, verify the claims that person makes, and never automatically assume a file from someone online is safe.
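One way to act on "never automatically assume a file is safe" for a ZIP presented as a Python challenge, added here as an example (it is not from the cited research and uses no COVERTCATCH indicators): statically list network, process-launching and dynamic-execution code in the archive's .py files without extracting or running anything. The module list, size limit and sample archive are constructed assumptions.

```python
import ast
import io
import zipfile

# Assumed heuristic, not from the page: modules a coding test rarely needs.
RISKY = {"urllib": "network", "requests": "network", "socket": "network",
         "http": "network", "subprocess": "process", "ctypes": "process"}
DYNAMIC = {"exec", "eval", "compile", "__import__"}
MAX_MEMBER_BYTES = 1_000_000  # do not inflate oversized members

def scan_source(source):
    """Statically list risky imports and dynamic calls in one Python source."""
    try:
        tree = ast.parse(source)
    except (SyntaxError, ValueError):
        return ["unparseable source"]
    found = set()
    for node in ast.walk(tree):
        roots = []
        if isinstance(node, ast.Import):
            roots = [alias.name.split(".")[0] for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            roots = [(node.module or "").split(".")[0]]
        elif isinstance(node, ast.Call) and getattr(node.func, "id", None) in DYNAMIC:
            found.add(f"dynamic call: {node.func.id}")
        found.update(f"{RISKY[r]} import: {r}" for r in roots if r in RISKY)
    return sorted(found)

def triage_zip(data):
    """Map flagged .py members to findings; nothing is extracted or executed."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.endswith(".py"):
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings = ["member too large to scan"]
            else:
                findings = scan_source(zf.read(info).decode("utf-8", "replace"))
            if findings:
                report[info.filename] = findings
    return report

def build_sample():
    """Constructed sample: one ordinary exercise file and one flagged helper."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("challenge/solution.py", "def fizz(n):\n    return n % 3 == 0\n")
        zf.writestr("challenge/setup_env.py", "import urllib.request, subprocess\nexec('pass')\n")
    return buf.getvalue()
```

An empty report is not a verdict that the archive is safe; a flagged file is a prompt to read it on a machine that holds no credentials or wallets.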
Reference: North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams