--- title: Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS source: newsletter source_url: https://hackread.com/fake-job-interview-jobstealer-malware-windows-macos/ tags: [hackread, mistral-ai, security, vulnerability, repository-attack] fetcher: jina sha256: c1530abc4218ec75 created: 2026-05-19 updated: 2026-05-19 --- # Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS Published Time: 2026-05-14T18:25:10+01:00 Markdown Content: [![Image 2: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/)[![Image 3: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/) * [Hacking News](https://hackread.com/category/data-breaches/hacking-news/) * [Leaks](https://hackread.com/category/data-breaches/hacking-news/leaks-affairs/) * [WikiLeaks](https://hackread.com/category/data-breaches/hacking-news/wikileaks-affairs/) * [Anonymous](https://hackread.com/category/data-breaches/hacking-news/anonymous/) * [Technology](https://hackread.com/category/technology/) * [Android](https://hackread.com/category/technology/android/) * [Apple](https://hackread.com/category/technology/anews/) * [Google](https://hackread.com/category/technology/gnews/) * [Microsoft](https://hackread.com/category/technology/microsoft/) * [Samsung](https://hackread.com/category/technology/samsung/) * [3D](https://hackread.com/category/technology/3d/) * [How To](https://hackread.com/category/how-to/) * [Artificial Intelligence](https://hackread.com/category/artificial-intelligence/) * [Machine Learning](https://hackread.com/category/artificial-intelligence/machine-learning/) * [Cyber Crime](https://hackread.com/category/latest-cyber-crime/) * [Phishing Scam](https://hackread.com/category/latest-cyber-crime/phishing-scam/) * [Scams and Fraud](https://hackread.com/category/latest-cyber-crime/scams-and-fraud/) * [Security](https://hackread.com/category/security/) * [Malware](https://hackread.com/category/security/malware/) * [Censorship](https://hackread.com/category/cyber-events/censorship/) * [Cyber Attacks](https://hackread.com/category/cyber-events/cyber-attacks-cyber-events/) * [Crypto](https://hackread.com/category/cryptocurrency/) * [Blockchain](https://hackread.com/category/blockchain/) * [Surveillance](https://hackread.com/category/surveillance/) * [Drones](https://hackread.com/category/surveillance/drones/) * [NSA](https://hackread.com/category/surveillance/nsa/) * [Privacy](https://hackread.com/category/surveillance/privacy/) * [Gaming](https://hackread.com/category/gaming/) * [Submit Press Release](https://hackread.com/submit-press-release/) [![Image 4: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/)[![Image 5: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/) * [Hacking News](https://hackread.com/category/data-breaches/hacking-news/) * [Leaks](https://hackread.com/category/data-breaches/hacking-news/leaks-affairs/) * [WikiLeaks](https://hackread.com/category/data-breaches/hacking-news/wikileaks-affairs/) * [Anonymous](https://hackread.com/category/data-breaches/hacking-news/anonymous/) * [Technology](https://hackread.com/category/technology/) * [Android](https://hackread.com/category/technology/android/) * [Apple](https://hackread.com/category/technology/anews/) * [Google](https://hackread.com/category/technology/gnews/) * [Microsoft](https://hackread.com/category/technology/microsoft/) * [Samsung](https://hackread.com/category/technology/samsung/) * [3D](https://hackread.com/category/technology/3d/) * [How To](https://hackread.com/category/how-to/) * [Artificial Intelligence](https://hackread.com/category/artificial-intelligence/) * [Machine Learning](https://hackread.com/category/artificial-intelligence/machine-learning/) * [Cyber Crime](https://hackread.com/category/latest-cyber-crime/) * [Phishing Scam](https://hackread.com/category/latest-cyber-crime/phishing-scam/) * [Scams and Fraud](https://hackread.com/category/latest-cyber-crime/scams-and-fraud/) * [Security](https://hackread.com/category/security/) * [Malware](https://hackread.com/category/security/malware/) * [Censorship](https://hackread.com/category/cyber-events/censorship/) * [Cyber Attacks](https://hackread.com/category/cyber-events/cyber-attacks-cyber-events/) * [Crypto](https://hackread.com/category/cryptocurrency/) * [Blockchain](https://hackread.com/category/blockchain/) * [Surveillance](https://hackread.com/category/surveillance/) * [Drones](https://hackread.com/category/surveillance/drones/) * [NSA](https://hackread.com/category/surveillance/nsa/) * [Privacy](https://hackread.com/category/surveillance/privacy/) * [Gaming](https://hackread.com/category/gaming/) * [Submit Press Release](https://hackread.com/submit-press-release/) [![Image 6: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/)[![Image 7: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/) ##### The Latest ![Image 8: 10 Tips for Phrasing Employee Feedback in Reviews](https://hackread.com/wp-content/uploads/2026/05/10-tips-for-phrasing-employee-feedback-in-reviews-110x110.jpg) [](https://hackread.com/10-tips-for-phrasing-employee-feedback-in-reviews/) ###### [10 Tips for Phrasing Employee Feedback in Reviews](https://hackread.com/10-tips-for-phrasing-employee-feedback-in-reviews/) ![Image 9: Government Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign](https://hackread.com/wp-content/uploads/2026/05/government-backed-hackers-cloudflare-malaysia-espionage-2-110x110.jpg) [](https://hackread.com/government-backed-hackers-cloudflare-malaysia-espionage/) ###### [Government Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign](https://hackread.com/government-backed-hackers-cloudflare-malaysia-espionage/) ![Image 10: Continuous Detection, Continuous Response: Mate Security Redefines the Modern SOC](https://hackread.com/wp-content/uploads/2026/05/WhatsApp_Image_2026-05-18_at_25027_PM_1779105498FlCzzWfPqB-110x110.jpeg) [](https://hackread.com/continuous-detection-continuous-response-mate-security-soc/) ###### [Continuous Detection, Continuous Response: Mate Security Redefines the Modern SOC](https://hackread.com/continuous-detection-continuous-response-mate-security-soc/) ![Image 11: The Gentlemen Ransomware Gang Hit by Internal Breach, Operations Exposed](https://hackread.com/wp-content/uploads/2026/05/the-gentlemen-ransomware-data-breach-3-110x110.png) [](https://hackread.com/the-gentlemen-ransomware-gang-breach-op-exposed/) ###### [The Gentlemen Ransomware Gang Hit by Internal Breach, Operations Exposed](https://hackread.com/the-gentlemen-ransomware-gang-breach-op-exposed/) * [Zyxel](https://hackread.com/tag/zyxel/) * [Zynga](https://hackread.com/tag/zynga/) * [Zyklon B hacker](https://hackread.com/tag/zyklon-b-hacker/) * [Zygote](https://hackread.com/tag/zygote/) * [Zurich Insurance Group](https://hackread.com/tag/zurich-insurance-group/) * [Zues Malware](https://hackread.com/tag/zues-malware/) * [Zues](https://hackread.com/tag/zues/) * [ZTNA](https://hackread.com/tag/ztna/) * [ZTA Gateways](https://hackread.com/tag/zta-gateways/) * [ZTA](https://hackread.com/tag/zta/) ![Image 12: Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS](https://hackread.com/wp-content/uploads/2026/05/fake-job-interview-jobstealer-malware-windows-macos-3.jpg) * [Security](https://hackread.com/category/security/) * [Malware](https://hackread.com/category/security/malware/) * [Scams and Fraud](https://hackread.com/category/latest-cyber-crime/scams-and-fraud/) Hackers are using Fake interview apps to spread JobStealer malware on macOS and Windows to steal crypto wallets, browser data, and passwords. [![Image 13](https://secure.gravatar.com/avatar/3c971597535b97dcf1c986f945aa98a632225995095afc68c2a7c0dff262d639?s=26&d=mm&r=g)by Waqas](https://hackread.com/author/hackread/ "View all posts by Waqas") May 14, 2026 3 minute read A fake job interview is now being used as bait to steal crypto wallets, browser credentials, and sensitive files from both Windows and macOS users. Researchers at Dr.Web say the malware campaign revolves around a trojan called JobStealer, which disguises itself as a video conferencing app during the hiring process. This malware campaign begins with scammers approaching victims with job offers and inviting them to attend an online interview through a custom meeting platform. The websites look clean, complete with branding, social media accounts, and Telegram channels designed to make the services appear active and trustworthy. However, instead of joining an interview, users end up downloading malware. Researchers identified fake conferencing apps using names such as MeetLab, Meetix, Juseo, and Carolla. Some sites even impersonate legitimate services like **[Cisco Webex](https://hackread.com/webex-vulnerability-lets-hackers-impersonate-download-meetings/)** to reduce suspicion. List of malicious sites used in this campaign includes the following: * `Meetlab.io` * `Meetix.app` * `Carolla.app` * `Cloudproxy.link` ### **JobStealer Malware Targeting macOS** On macOS systems, attackers use two installation methods. One method asks the user to copy and paste a Bash command into Terminal. The other delivers a DMG file that includes fake installation instructions. In both cases, the victim is tricked into launching the Trojan manually, which helps the malware bypass normal security warnings. [![Image 14: Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS](https://hackread.com/wp-content/uploads/2026/05/fake-job-interview-jobstealer-malware-windows-macos-1-622x1024.png)](https://hackread.com/wp-content/uploads/2026/05/fake-job-interview-jobstealer-malware-windows-macos-1.png) JobStealer is delivered through malicious websites either as a DMG file or through a Bash command executed in Terminal, followed by a fake prompt requesting the user’s macOS password. (Image credit: Dr Web) That detail matters because the malware depends heavily on user interaction. The malicious script downloads a file detected as `Mac.PWS.JobStealer.1`, which is built to run on both Intel and Apple Silicon Macs. According to Dr.Web’s **[blog post](https://news.drweb.com/show/?i=15253&lng=en)**, newer versions added stronger obfuscation and arm64 support after earlier variants failed to run properly on newer Mac hardware. Once active, the malware displays a fake error message asking the victim for their macOS account password. From there, it begins collecting a wide range of data from the infected system. The primary target appears to be cryptocurrency assets, with JobStealer searching Chromium-based browsers, including Chrome, Brave, Opera, Edge, Vivaldi, Arc, and CocCoc, for roughly 300 crypto wallet extensions. Discover more Operating Systems operating system macOS It also extracts browser cookies, saved passwords, autofill payment data, Telegram session files, notes stored in Apple Notes, and traces of hardware wallet software such as **[Ledger Live](https://hackread.com/fake-ledger-live-app-apple-store-crypto-theft/)** and **[Trezor Suite](https://hackread.com/fake-cleanmymac-site-clickfix-shub-stealer-macos/)**. After collecting the information, the malware compresses the files into a ZIP archive and uploads them to a command and control server controlled by the attackers. ### **JobStealer Targets More Platforms** Dr.Web also identified a Windows version of JobStealer with similar data theft capabilities. While the macOS variant uses Terminal commands and fake DMG installers, the Windows samples follow the same fake interview approach and focus on stealing browser data, crypto wallets, and user credentials. Worse, researchers also found download sections for Linux, iOS, and Android variants on some malicious sites, although those versions do not appear to be fully deployed yet. Users should avoid running Terminal commands provided during interviews, especially when shared through unofficial meeting platforms or unfamiliar websites. Downloading conferencing software directly from official vendor sites remains the safer option. Companies conducting legitimate interviews rarely require candidates to bypass operating system protections or manually execute scripts. Dr.Web mapped the malware activity to several MITRE ATT&CK techniques, including malicious copy and paste execution, credential theft from browsers and keychains, automated data collection, and exfiltration through web services. The campaign also shows how threat actors are adapting **[social engineering](https://hackread.com/facebook-social-engineering-passport-hacking/)** tactics to fit the remote work culture instead of depending solely on phishing emails or malicious attachments. ##### [Waqas](https://hackread.com/author/hackread/) [![Image 15](https://secure.gravatar.com/avatar/3c971597535b97dcf1c986f945aa98a632225995095afc68c2a7c0dff262d639?s=80&d=mm&r=g)](https://hackread.com/author/hackread/) I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism. [View Posts](https://hackread.com/author/hackread/) * [Cyber Attack](https://hackread.com/tag/cyber-attack/) * [Cybersecurity](https://hackread.com/tag/cybersecurity/) * [Fraud](https://hackread.com/tag/fraud/) * [Interview](https://hackread.com/tag/interview/) * [JobStealer](https://hackread.com/tag/jobstealer/) * [macOS](https://hackread.com/tag/macos/) * [Malware](https://hackread.com/tag/malware/) * [Scam](https://hackread.com/tag/scam/) * [Telegram](https://hackread.com/tag/telegram/) * [Windows](https://hackread.com/tag/windows/) ##### Leave a Reply [Cancel reply](https://hackread.com/fake-job-interview-jobstealer-malware-windows-macos/#respond) Your email address will not be published.Required fields are marked * Comment * Name * Email * Website Δ View Comments (0) ##### Subscription Form ![Image 16: loader](https://hackread.com/wp-includes/images/spinner.gif) Email Address* FIRSTNAME LASTNAME ##### Latest Posts * [10 Tips for Phrasing Employee Feedback in Reviews](https://hackread.com/10-tips-for-phrasing-employee-feedback-in-reviews/) * [Government Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign](https://hackread.com/government-backed-hackers-cloudflare-malaysia-espionage/) * [Continuous Detection, Continuous Response: Mate Security Redefines the Modern SOC](https://hackread.com/continuous-detection-continuous-response-mate-security-soc/) * [The Gentlemen Ransomware Gang Hit by Internal Breach, Operations Exposed](https://hackread.com/the-gentlemen-ransomware-gang-breach-op-exposed/) * [Closing the Gap: The Regulatory and Structural Maturation of Digital Assets](https://hackread.com/regulatory-structural-maturation-of-digital-assets/) ##### PRESS RELEASE * ![Image 17](https://hackread.com/wp-content/uploads/2026/05/Lyrie_and_Anthropic_1778138816A1kmRs3pAH-80x80.jpg) [](https://hackread.com/lyrie-ai-joins-first-batch-of-anthropics-cyber-verification-program/) * [Press Release](https://hackread.com/category/press-release/) ### [Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program](https://hackread.com/lyrie-ai-joins-first-batch-of-anthropics-cyber-verification-program/) [by CyberNewswire](https://hackread.com/author/cybernewswire/ "View all posts by CyberNewswire") * ![Image 18](https://hackread.com/wp-content/uploads/2026/05/LuxSci_Secure_Email_Mid-Sized_PR_1777922928HSMMEp3uoy-80x80.jpg) [](https://hackread.com/luxsci-launches-enterprise-grade-hipaa-compliant-email-security-for-mid-sized-healthcare-organizations/) * [Press Release](https://hackread.com/category/press-release/) ### [LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations](https://hackread.com/luxsci-launches-enterprise-grade-hipaa-compliant-email-security-for-mid-sized-healthcare-organizations/) [by CyberNewswire](https://hackread.com/author/cybernewswire/ "View all posts by CyberNewswire") * ![Image 19](https://hackread.com/wp-content/uploads/2026/05/1200_700_1776732787DlSbx2MTHb-80x80.jpg) [](https://hackread.com/criminal-ip-and-securonix-threatq-collaborate-to-enhance-threat-intelligence-operations/) * [Press Release](https://hackread.com/category/press-release/) ### [Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations](https://hackread.com/criminal-ip-and-securonix-threatq-collaborate-to-enhance-threat-intelligence-operations/) [by CyberNewswire](https://hackread.com/author/cybernewswire/ "View all posts by CyberNewswire") * ![Image 20](https://hackread.com/wp-content/uploads/2026/04/Picture1_1777442433Pk2kOwYHqu-80x80.jpg) [](https://hackread.com/brinker-introduces-a-novel-approach-to-deepfake-detection/) * [Press Release](https://hackread.com/category/press-release/) ### [Brinker Introduces a Novel Approach to Deepfake Detection](https://hackread.com/brinker-introduces-a-novel-approach-to-deepfake-detection/) [by CyberNewswire](https://hackread.com/author/cybernewswire/ "View all posts by CyberNewswire") * ![Image 21](https://hackread.com/wp-content/uploads/2026/04/BreachLock_Named_Representative_Vendor_in_2026_Gar_1776721618nJIDraNFL9-80x80.jpg) [](https://hackread.com/breachlock-named-representative-vendor-in-the-2026-gartner-market-guide-for-adversarial-exposure-validation/) * [Press Release](https://hackread.com/category/press-release/) ### [BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation](https://hackread.com/breachlock-named-representative-vendor-in-the-2026-gartner-market-guide-for-adversarial-exposure-validation/) [by CyberNewswire](https://hackread.com/author/cybernewswire/ "View all posts by CyberNewswire") Discover more software Windows OS Mac OS ##### Related Posts * [Cyber Crime](https://hackread.com/category/latest-cyber-crime/) * [Scams and Fraud](https://hackread.com/category/latest-cyber-crime/scams-and-fraud/) ## [American Express Users Hit with ‘Unusual Activity’ Phishing Scam](https://hackread.com/american-express-users-hit-with-unusual-activity-phishing-scam/) A fake email from American Express warns users of an‘Unusual Activity’ on their account – The email asks… [by Waqas](https://hackread.com/author/hackread/ "View all posts by Waqas") * [Security](https://hackread.com/category/security/) ## [Millions of websites using CDNs at risk of CPDoS attack](https://hackread.com/websites-using-cdns-at-risk-of-cpdos-attack/) CPDoS can be used to attack content delivery networks (CDNs) to serve error pages instead of legitimate sites through caching. [by Sudais Asif](https://hackread.com/author/sudais/ "View all posts by Sudais Asif") * [Android](https://hackread.com/category/technology/android/) * [Security](https://hackread.com/category/security/) ## [Stagefright 2.0: Security Flaw in Android Puts 1 Billion Devices at Risk](https://hackread.com/androids-security-flaw-remote-hacking/) The risk of remote hacking is triggered through the faults in the media processing components that may be… [by Uzair Amir](https://hackread.com/author/uzair/ "View all posts by Uzair Amir") ![Image 22: Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files](https://hackread.com/wp-content/uploads/2026/04/vidar-infostealer-fake-captchas-jpeg-txt-files-260x195.jpg) Read More [](https://hackread.com/vidar-infostealer-fake-captchas-jpeg-txt-files/) * [Security](https://hackread.com/category/security/) * [Malware](https://hackread.com/category/security/malware/) ## [Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files](https://hackread.com/vidar-infostealer-fake-captchas-jpeg-txt-files/) New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data. [by Deeba Ahmed](https://hackread.com/author/deeba/ "View all posts by Deeba Ahmed") [![Image 23: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo-footer.png)](https://hackread.com/)[![Image 24: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo-footer.png)](https://hackread.com/) HACKREAD is a news platform that centers on Cybersecurity, AI, InfoSec, Cyber Crime and Hacking News with full-scale reviews on Crypto and Technology trends. Founded in 2011, HackRead is based in the United Kingdom. Copyright © 2026 HackRead The display of third-party trademarks and trade names on the site do not necessarily indicate any affiliation or endorsement of Hackread.com. If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant. * [About Us](https://hackread.com/about-us/) * [Our Team](https://hackread.com/team/) * [Contact Us](https://hackread.com/contact-us/) * [Our Mission](https://hackread.com/our-mission/) * [Privacy Policy](https://hackread.com/privacy-policy/) [](https://hackread.com/fake-job-interview-jobstealer-malware-windows-macos/#top)