Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 26, 2026

Severity: HIGH | View Full Scam Details

Beware in 2026: Void Dokkaebi’s Fake Job Interview Scam Spreads Malware via Code Repositories in India

Millions of Indians seeking IT jobs online risk falling prey to a new cybercrime where fraudsters impersonate HR and use fake interviews to install malware.

What Is the Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories?

In the fast-growing Indian job market, especially in the IT sector, cybercriminals are exploiting digital recruitment tools to target job seekers. The Void Dokkaebi group has emerged as a major threat, using fake job interview offers to infect candidates’ devices with malware. Their scam taps into platforms like LinkedIn, local job boards, and WhatsApp, which many Indian youth rely on for career opportunities.

This scam targets hopeful IT professionals—from fresh graduates in metros like Bengaluru and Hyderabad to mid-level tech employees across Tier 2 cities searching for better prospects. By posing as HR representatives from reputed Indian and international companies, Void Dokkaebi gains victims’ trust. Although exact numbers on affected individuals are still emerging, CERT-In has issued high-severity alerts due to this scam's rapid spread in 2025, warning that the damage could escalate in 2026 if ignored.

The Indian government’s Information Sharing and Analysis Centre for Information Infrastructure (ISAC-India) and I4C (Indian Cyber Crime Coordination Centre) classify this scam as high-risk, urging job seekers to stay vigilant. With the rise in remote hiring post-pandemic, this malware-laden fake interview ploy exploits how dependent Indians are on digital communication for jobs.

How This Scam Works — Step by Step

1. Targeting Candidates: Void Dokkaebi’s scammers browse LinkedIn, Naukri, and local job portals to pick promising IT candidates. They often select people with updated profiles showing skills in software development, cybersecurity, or data analytics.

2. Initial Contact: The fraudsters message prospects via LinkedIn direct message, email, or even WhatsApp, pretending to be HR from companies like TCS, Infosys, or US-based tech firms. Their messages include convincing details like job roles, salary ranges (in INR or USD), and references to previous applications.

3. Scheduling a Fake Interview: The scammers invite candidates to an online interview using Zoom, Google Meet, or Microsoft Teams. They send meeting links resembling legitimate invites and use professional language to build trust.

4. Sending Malware Links: Before or after the "interview," the fraudsters ask candidates to download code samples or test assignments from popular code repositories (e.g., GitHub, GitLab). Unbeknownst to the victim, these repositories contain malware-infected files or scripts disguised as coding tasks.

5. Infection and Data Theft: When the victim downloads and runs these files, malware silently installs itself on the device. This malware can steal personal data, including Aadhaar-linked documents, bank details, UPI PINs, and even enable remote access. It can also spread laterally to connected accounts and devices.

6. Financial Loss and Identity Theft: Using stolen information, attackers may transfer money via UPI apps, impersonate victims for SIM swaps, or misuse Aadhaar data for fraudulent loans and services.

Real Warning Signs to Watch For

• Unsolicited messages from unknown recruiters on LinkedIn or WhatsApp.
• Interview invites scheduled with minimal or no prior screening.
• Requests to download coding tasks or assignments from unfamiliar or unofficial code repositories.
• Poor email addresses or suspicious domains not linked to the claimed company.
• Interviewers reluctant to provide company verification details or HR contact numbers.
• Links to Zoom or Meet sessions sent from new or generic accounts, not official ones.
• Urgent pressure to submit technical tasks with downloads without time for verification.

What Happens to Victims

Victims of this scam can face severe financial and emotional setbacks. Once malware infects a device, attackers may access bank apps linked with UPI, transferring funds out instantly—often irreplaceable in India as RBI’s UPI regulations limit reversals once done.

Furthermore, stolen Aadhaar details can be used to open fraudulent bank accounts or apply for loans, leaving victims with liabilities they never incurred. SIM swap frauds can disrupt mobile OTP verification, locking victims out of their own accounts, aggravating the situation. The stress of identity theft, financial loss, and trust breach can cause lasting trauma, especially for first-time job seekers counting on these opportunities.

What RBI and CERT-In Say

CERT-In has issued several advisories warning citizens against downloading files from unverified sources, especially during recruitment drives. Their alerts emphasize verifying recruiter identities, avoiding suspicious code repositories, and not running unknown scripts on personal computers.

The Reserve Bank of India (RBI) acknowledges increase in digital frauds involving UPI and advises consumers to immediately report unauthorized transactions via their bank’s emergency helpline. The 24x7 Cybercrime Helpline 1930, supported by the Ministry of Home Affairs, also assists victims in lodging complaints and seeking guidance.

I4C (Indian Cyber Crime Coordination Centre) coordinates state agencies to track and mitigate such scams. They urge Indians to stay cautious about unsolicited job offers and verify every step before sharing personal or financial details.

How to Protect Yourself

1. Verify recruiters’ identities: Cross-check company emails and phone numbers through official company websites or LinkedIn profiles.
2. Never download files from unknown code repositories: Always insist on completing tests on official platforms or verified environments.
3. Avoid sharing sensitive info over WhatsApp or direct messaging apps.
4. Use antivirus software and keep your device updated to detect malicious scripts.
5. Check Zoom/Meet invite senders carefully; genuine recruiters usually schedule through corporate emails.
6. Do not rush job acceptance or online tasks without time for validation.
7. Report suspicious job offers to CERT-In and your local cyber police immediately.

What to Do If You’ve Been Targeted

• Immediately disconnect your device from the internet and run a full malware scan.
• Change passwords for all important accounts, especially your email, bank, and UPI apps.
• Inform your bank and block or freeze your accounts to stop unauthorized transactions.
• Contact the 24x7 Cybercrime Helpline at 1930 to report the incident and get guidance.
• File a complaint on the National Cyber Crime Reporting Portal at cybercrime.gov.in.
• Notify Aadhaar helpline if you suspect misuse of your identification documents.
• Keep records of all communications and transaction details for investigation.

Frequently Asked Questions

Q: How can I be sure if a job interview invite is genuine?
A: Legitimate recruiters use official company email IDs, provide verifiable contact details, and never pressure you to download files from unknown sources. Always cross-verify by contacting the company’s HR through their official channels.

Q: Can RBI help me recover money lost through UPI fraud linked to such scams?
A: RBI’s guidelines allow refunds in certain unauthorized transaction cases, but quick reporting is crucial. Delays reduce chances of recovery. Always inform your bank immediately if you notice suspicious withdrawals.

Q: Should I download coding assignments or tests sent via GitHub or other repositories?
A: Only if you are absolutely sure about the sender’s authenticity and the repository’s legitimacy. When in doubt, request links to official test portals or verified platforms instead of direct downloads.

Job scams like Void Dokkaebi’s malware ploy are increasingly sophisticated but preventable with awareness. If you receive suspicious interview messages or files, don’t hesitate to double-check first. Protect your future — verify all job-related communications at BharatSecure.app before you click or download anything. Stay safe, stay informed!