The Lazarus Group, a hacker organization with direct ties to North Korea, used employment opportunities as a way to infect employers’ devices with malware. Tom’s Hardware reports this, citing a report by cybersecurity company ReversingLabs.
The new wave of attacks is part of a campaign known as VMConnect, which was first detected in August 2023. Both the new and previous cases related to this attack targeted the Python development community.
Last year, the hacker group duplicated popular open-source Python tools, infecting the copies with malware. The new wave of attacks uses coding tests.
The main goal is to get the end user to install malware on their device. The malware is hidden using Base64 encoding and allows remote access.
ReversingLabs notes that these attacks are part of an active campaign. The company was contacted by one of the users who suffered from a similar attack, and another malware-infected tool appeared on GitHub on the day of the contact.
Such attacks are likely to continue in the future, and in addition to regular employers looking for Python specialists, Lazarus Group hackers are also targeting developers in “sensitive organizations.”
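Because the malware described above is hidden with Base64 inside Python code, a received coding test can be inspected statically before anything is run. The scanner below is an added example, not code from ReversingLabs or Tom’s Hardware. It assumes the hidden code sits in a Base64 string literal that is decoded and passed to `exec`, `eval` or `compile`; the function names, the length threshold and the sample file are constructed for illustration.

```python
import ast
import base64
import binascii
import re

# Assumption: literals of 24+ Base64 characters are worth a look (heuristic threshold).
B64_RE = re.compile(r"^[A-Za-z0-9+/]{24,}={0,2}$")
DYNAMIC_EXEC = {"exec", "eval", "compile"}
DECODERS = {"b64decode", "urlsafe_b64decode", "decodebytes"}

def _call_name(node):
    """Return the bare name of a called function: exec(...) or base64.b64decode(...)."""
    func = node.func
    return func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)

def _decode_if_base64(value):
    """Decode a str/bytes literal if it is well-formed Base64, else return None."""
    text = value.decode("ascii", "ignore") if isinstance(value, bytes) else value
    if not isinstance(text, str) or not B64_RE.match(text):
        return None
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None

def scan_source(source):
    """Return (line, kind, detail) findings for one source string; the code is parsed, never run."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant):
            decoded = _decode_if_base64(node.value)
            if decoded is not None:
                findings.append((node.lineno, "base64-literal", decoded[:40]))
        elif isinstance(node, ast.Call) and _call_name(node) in DYNAMIC_EXEC:
            # Flag dynamic execution whose arguments contain a Base64 decode call.
            inner = {_call_name(n) for n in ast.walk(node) if isinstance(n, ast.Call)}
            if inner & DECODERS:
                findings.append((node.lineno, "exec-of-decoded-data", _call_name(node)))
    return sorted(findings)

# Constructed sample: a harmless stand-in for a take-home coding test file.
_blob = base64.b64encode(b"print('decoded code would run here')").decode()
SAMPLE = (
    "import base64\n"
    "def solve(xs):\n"
    "    return sorted(xs)\n"
    f"exec(base64.b64decode('{_blob}'))\n"
)

if __name__ == "__main__":
    for line, kind, detail in scan_source(SAMPLE):
        print(line, kind, detail)
```

A finding is a prompt for manual review of the decoded bytes, not a verdict: long Base64 literals also occur in legitimate test fixtures and embedded assets.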