Damaged Goods: When your new hire is already compromised

Damaged Goods: When your new hire is already compromised

From Cyberside Chats: Cybersecurity Insights from the Experts by Chatcyberside

June 9, 2026 · 15 min · Episode 76

About this episode

This episode discusses a new attacker technique where threat actors pose as recruiters to infect candidates' machines with malware.

In this eye-opening episode of Cyberside Chats, Sherri Davidoff sits down with Tom Pohl, Director of Penetration Testing at LMG Security, to unpack a chilling new attacker technique: threat actors posing as recruiters, conducting real interviews, and delivering malicious coding challenges that infect candidates’ personal machines. What looks like a legitimate take-home coding test is actually malware that steals passwords, browser credentials, crypto wallets, SSH keys, and more, all before the candidate ever steps foot in your organization. Tom shares how he discovered this campaign through a friend’s suspicious Bitbucket repo, walks through the malware’s behavior, and reveals real-time insights from probing the attackers’ command-and-control infrastructure. This isn’t just a problem for job seekers, it’s a direct threat to your human supply chain. Compromised developers can bring stolen credentials, GitHub access, and persistent footholds straight into your environment. Key Takeaways: 1. Go passwordless where possible or enforce unique passwords everywhere. 2. Require phishing-resistant MFA (and passkeys/hardware tokens) — ditch SMS. 3. Audit your passwords against known breach…

People in this episode

Host: Sherri Davidoff

Guest: Tom Pohl

Topics covered

  • cybersecurity
  • malware
  • recruitment
  • threat actors
  • human supply chain

Keywords

  • malware
  • cybersecurity
  • recruitment
  • threat actors
  • passwords
  • MFA
  • human supply chain

Mentioned in this episode

Organizations: LMG Security, Bitbucket

More episodes of Cyberside Chats: Cybersecurity Insights from the Experts

Explore listener stats, chart rankings, contacts and more on the Cyberside Chats: Cybersecurity Insights from the Experts podcast page.