Fake job interview technical task malware download — "coding assessment" requires cloning GitHub repo, running scripts, installing npm/pip packages, or executing downloaded files + delivers malware + associated with North Korean APT groups and opportunistic fraud

Malware delivery through fake job recruitment — scammers posing as recruiters send unsolicited "technical assessments" or "coding challenges" that require the victim to clone a GitHub repository and run setup scripts, install npm/pip packages from unofficial sources, download and execute ZIP archive payloads, or run Python/shell scripts — all of which deliver information-stealing malware or remote access trojans (RATs). Key facts: (1) Attributed to North Korean state-sponsored threat groups (Lazarus Group / Contagious Interview campaign) targeting software engineers and cryptocurrency professionals; (2) The FBI, CISA, and industry researchers have published multiple advisories about this vector; (3) Legitimate technical assessments from real companies always use established platforms (HackerRank, LeetCode, Codility, CoderPad) that run entirely in the browser — no local installation required; (4) Red flags include unusually high salary offers ($120k-$200k+), vague company names, unsolicited outreach, and pressure to run code immediately; (5) The malware typically exfiltrates crypto wallet credentials, SSH keys, browser credentials, and session tokens. Warning signs: GitHub clone + run setup script, npm install of unknown package, download ZIP + execute, Python/bash script download, salary well above market rate.