Subj : North Korean Lazarus hackers are using a fake coding test to stea
To   : All
From : TechnologyDaily
Date : Thu Sep 12 2024 13:45:05

North Korean Lazarus hackers are using a fake coding test to steal passwords

Date: Thu, 12 Sep 2024 12:38:07 +0000

Description: North Korean criminals are tweaking their 'fake job' campaign to target Python devs.

FULL STORY
======================================================================

North Korean state-sponsored threat actor Lazarus Group is evolving its fake job hacking campaign, researchers have warned.

Lazarus has been creating fake LinkedIn accounts and posting fake job ads across the internet for years. They offer their victims, often developers, enticing packages, high salaries, and plenty of perks. But instead of getting the job, after a few interview rounds, the only thing these people would get is malware, often from .PDF files posing as job details and such.

Now, cybersecurity researchers from ReversingLabs are saying that Lazarus is still going about the same thing, but now targeting Python developers with a fake coding test project.

Moving the WHOIS server

Apparently, the group would still start the same way - by impersonating someone on LinkedIn. This time around, it is the Capital One bank. Then, they would host the malware on GitHub, masquerading it as a password manager project. After that, they would find suitable victims, and at one point - ask to test their skills.

The test includes downloading and installing the password manager, and then hunting for bugs. The entire thing must be finished within half an hour. The crooks would argue that the limit prevents the candidates from cheating, but ReversingLabs says it's to prevent the victims from spotting the ruse and acting on it.

The malware acts as a downloader, granting the attackers the ability to deploy secondary malicious code, depending on the compromised environment.

The campaign is dubbed VMConnect and it's been active since August 2023, more than a year now. ReversingLabs believes the campaign is still ongoing.

North Koreans are usually targeting developers working on cryptocurrency projects, as that allows them to steal people's money and use it to fund the state apparatus and the country's weapons program. One of Lazarus' biggest heists netted them more than half a billion dollars.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/north-korean-lazarus-hackers-are-using-a-fake-coding-test-to-steal-passwords

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)