Fake Password Manager Coding Test Used to Hack Python Developers
hubie writes:
Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware.
The attacks are part of the 'VMConnect campaign' first detected in August 2023, where the threat actors targeted software developers with malicious Python packages uploaded onto the PyPI repository.
According to a report from ReversingLabs, which has been tracking the campaign for over a year, Lazarus hackers host the malicious coding projects on GitHub, where victims find README files with instructions on how to complete the test.
The directions are meant to provide a sense professionalism and legitimacy to the whole process, as well as a sense of urgency.
ReversingLabs found that the North Koreans impersonate large U.S. banks like Capital One to attract job candidates, likely offering them an enticing employment package.
Further evidence retrieved from one of the victims suggests that Lazarus actively approaches their targets over LinkedIn, a documented tactic for the group.
The hackers direct candidates to find a bug in a password manager application, submit their fix, and share a screenshot as proof of their work.
Read more of this story at SoylentNews.