Fake Interview Apps That Install Malware
You're asked to install a 'proprietary interview platform' that turns out to be cryptominer or info-stealer malware.
This pattern primarily targets software developers, designers, and crypto/Web3 candidates. The 'recruiter' invites you to interview using a custom platform you've never heard of, often distributed as an npm package, GitHub repo, or .dmg/.exe installer. The package contains malware that steals browser passwords, crypto wallet keys, SSH keys, and source code.
Red flags
- 01Interview requires installing a custom desktop app or running a GitHub repo locally
- 02Recruiter provides a take-home 'coding challenge' that requires running unfamiliar npm packages
- 03Calendly/video links redirect to download pages instead of opening a known service (Zoom, Google Meet, Teams)
- 04App is signed with an unknown developer certificate, or unsigned entirely
- 05Recruiter pressures you to install on your primary work machine instead of a sandbox
Real-world example
"Our final-round technical interview uses our proprietary platform Hive-Meet. Please install from this Dropbox link before the call. The installer asks for accessibility permissions — that's normal, it's how we record the coding portion."
Why this scam works
Developers are accustomed to installing unfamiliar tools and granting permissions. The 'innovative startup' framing makes the unusual install seem like a quirk rather than a red flag. The malware often runs silently for weeks before exfiltrating data.
What to do
- 01Refuse any interview that requires installing software you can't independently verify
- 02Run unknown code only in a disposable virtual machine, never your main system
- 03If you already installed something suspicious, disconnect from the network, change all passwords from a clean device, and rotate crypto/SSH keys
- 04Report the recruiter and link to the platform's abuse team
Run any suspicious posting through Sentari.
Free risk score in 12 seconds. No signup required.