LinkedIn Job Scam Uses Hacked Recruiter Profile to Push Cross-Platform Malware Via Fake Camera Driver Fix

A sophisticated job scam is targeting LinkedIn users through compromised recruiter accounts, using fake video interview setups to trick applicants into installing malware. The attack begins with a recruiter profile that appears legitimate—often an established account with years of activity—but has been hijacked by scammers. Victims are approached with tailored job offers featuring salaries up to 40% above market rates, creating immediate interest and lowering suspicion.

The recruitment process is designed to appear authentic, including test questions and multiple evaluation steps. The trap springs when candidates are asked to record a short video interview. A fake error message claims the camera driver is outdated and provides a terminal command to "fix" the issue. The command is actually a malware installer, with versions targeting Linux, macOS, and Windows systems. Anyone who executes it would compromise their device.

This attack exploits the trust inherent in professional networking platforms and the growing normalization of video interviews in remote hiring. The use of hacked, long-standing recruiter profiles adds credibility that newly created fake accounts lack. Job seekers should treat any request to run terminal commands or download software during an application process as an immediate red flag—legitimate employers do not require candidates to execute code or install drivers to participate in interviews.