The Void Dokkaebi threat actor is using fake job interview lures to distribute malware by directing victims to malicious code repositories, such as those hosting JavaScript and Python files. The article does not provide a CVSS score, specific affected software versions, fixed versions, or workarounds for this campaign.
2026-04-21 (Back to Inventory) Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories Author(s): Lucas Silva Organization: Trend Micro js.beavertail js.jadesnow js.otter_cookie py.invisibleferret Open article directly Open article on Archive.org Related Articles 2026-04-03 ⋅ Trend Micro ⋅ Jacob Santos , Jeffrey Francis Bonaobra , Sophia Nilette Robles Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads GhostSocks Vidar 2026-01-26 ⋅ Trend Micro ⋅ Joseph C Chen , Ted Lee PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups PeckBirdy GRAYRABBIT 2025-12-11 ⋅ Trend Micro ⋅ Daniel Lunghi , Feike Hacquebord , Ian Kenefick SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics ROMCOM RAT SHADOW-VOID-042