Beware of Fake Job Interviews Delivering Malicious Video Conferencing Software

Cybersecurity researchers recently discovered a new scam targeting job seekers. Attackers are posing as potential employers and using fake job interviews to trick students into downloading malicious video conferencing software. Once installed, this software can give attackers control over your computer and steal your personal information.

Originally published on the USC Information Security website

How the Scam Works

Fake Job Offers: Scammers reach out to students through job boards or direct messages, offering seemingly legitimate job opportunities. They set up fake interviews to make the offer seem real.

Malicious Software Download: As part of the interview, they ask you to download what looks like a normal video conferencing app or a project file. However, this software contains hidden malware.

What the Malware Does: Once installed, the malware can:

  • Record everything you type, including passwords and personal information.
  • Give the attacker remote control of your computer using software like AnyDesk.
  • Steal data from your browser, including login details for websites, password managers, and cryptocurrency wallets.

New Malware Capabilities

Malicious software embedded in the download, such as BeaverTail and InvisibleFerret, have been updated with advanced features, including:

  • Sending stolen data through encrypted messaging apps like Telegram.
  • Installing tools to maintain long-term access to your computer.
  • Targeting browser extensions, password managers, and authentication tools.

What You Can Do

Be Cautious with Job Offers: Be skeptical of unsolicited job offers, especially those that seem too good to be true. Research the company thoroughly and verify the job listing before proceeding.

Avoid Downloading Unfamiliar Software: If an employer asks you to download software for an interview, make sure it’s from a trusted source like Zoom or Microsoft Teams. Avoid downloading files or applications that seem suspicious or unnecessary.

Strengthen Your Security:

  • Enable Two-Factor Authentication (2FA) on your accounts to add an extra layer of protection.
  • Ensure endpoint protection software is installed and up-to-date. USC offers SentinelOne as a free perk through your local IT team (Enterprise-edition) and for personal devices of USC-affiliated users (Personal-edition) to students, faculty, and staff.
  • Use a password manager to create strong, unique passwords; USC offers 1Password password manager as a free perk to USC students, faculty, and staff to help keep you passwords secure.
  • Keep your device security software up to date to detect and block malicious activity.

Limit Access to Your Computer: Be careful when using remote control software like AnyDesk or similar tools. Only allow access when absolutely necessary, and monitor your system for any unusual behavior.

Report Suspicious Activity: If you come across a suspicious job offer or software request, or believe you may have been compromised on a USC or USC-connected device, report it immediately to security@usc.edu or call the ITS 24×7 support hotline at 213-740-5555.

Best Practices

Be Aware of Social Engineering: Scammers often use fake job offers to trick people into lowering their guard. Be cautious when sharing personal information or downloading files from unfamiliar sources.

Monitor Your Device’s Activity: Keep an eye out for strange behavior, such as unfamiliar software running on your computer. If you notice anything unusual, contact IT by email security@usc.edu or call the ITS 24×7 support hotline at 213-740-5555.

By Paolo Cantos
Paolo Cantos