EPISODE · Jun 9, 2026 · 15 MIN
Damaged Goods: When your new hire is already compromised
from Cyberside Chats: Cybersecurity Insights from the Experts · host Chatcyberside
In this eye-opening episode of Cyberside Chats, Sherri Davidoff sits down with Tom Pohl, Director of Penetration Testing at LMG Security, to unpack a chilling new attacker technique: threat actors posing as recruiters, conducting real interviews, and delivering malicious coding challenges that infect candidates’ personal machines. What looks like a legitimate take-home coding test is actually malware that steals passwords, browser credentials, crypto wallets, SSH keys, and more, all before the candidate ever sets foot in your organization.

Tom shares how he discovered this campaign through a friend’s suspicious Bitbucket repo, walks through the malware’s behavior, and reveals real-time insights from probing the attackers’ command-and-control infrastructure.

This isn’t just a problem for job seekers; it’s a direct threat to your human supply chain. Compromised developers can bring stolen credentials, GitHub access, and persistent footholds straight into your environment.

Key Takeaways:
1. Go passwordless where possible or enforce unique passwords everywhere.
2. Require phishing-resistant MFA (and passkeys/hardware tokens) — ditch SMS.
3. Audit your passwords against known breach lists before the bad guys do.
4. Vet candidate security the same way you vet third-party vendors (antivirus/EDR, device sharing, security hygiene).
5. Bring hiring and onboarding into your security program — protect the entire human supply chain.

Whether you’re a job seeker trying to stay safe or a hiring manager responsible for your organization’s security posture, this episode will change how you think about the recruitment process.

Resources:
1. Download Tom’s full white paper with technical details on the LMG Security website (Resources section): lmgsecurity.com