Particle.news

North Korea-Linked Impostors Use Fake Crypto Recruiting to Push BeaverTail Malware

Researchers say the campaign now targets non-developer applicants, using lures that install BeaverTail with InvisibleFerret to steal credentials and wallets.

Overview

  • Active campaigns ask applicants to run video “mic/camera check” steps that trigger payloads delivered during sham hiring interactions.
  • Newer BeaverTail variants arrive as ready-to-run binaries bundled with decoys, with components stashed in password-protected containers to hinder detection.
  • The malware operates quietly on both macOS and Windows, harvesting logins and crypto wallet data after execution.
  • Researchers and industry voices urge applicants to avoid unsolicited downloads or scripts, flagging unverified links hosted on platforms such as GitHub and Vercel.
  • Analysts have noted infrastructure indicators tied to North Korea, and Binance’s Changpeng Zhao publicly warned about rising fraudulent job applications.