Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

North Korean Lazarus hackers are using a fake coding test to steal passwords

The Python banner logo on a computer screen running a code editor.

North Korean state-sponsored threat actors Lazarus Group is evolving its “fake job” hacking campaign, researchers have warned.

Lazarus has been creating fake LinkedIn accounts and posting fake job ads across the internet for years. They offer their victims, often developers, enticing packages, high salaries, and plenty of perks. But instead of getting the job, after a few interview rounds, the only thing these people would get is malware, often from .PDF files posing as job details and such.

Now, cybersecurity researchers from ReversingLabs are saying that Lazarus is still going about the same thing, but now targeting Python developers with a fake coding test project.

Moving the WHOIS server

Apparently, the group would still start the same way - by impersonating someone on LinkedIn. This time around, it is the Capital One bank. Then, they would host the malware on GitHub, masquerading it as a password manager project. After that, they would find suitable victims, and at one point - ask to test their skills.

The “test” includes downloading and installing the password manager, and then “hunting” for bugs. The entire thing must be finished within half an hour. The crooks would argue that the limit prevents the candidates from cheating, but ReversingLabs says it’s to prevent the victims from spotting the ruse and acting on it.

The malware acts as a downloader, granting the attackers the ability to deploy secondary malicious code, depending on the compromised environment. The campaign is dubbed “VMConnect campaign” and it’s been active since August 2023, more than a year now. ReversingLabs believe the campaign is still ongoing.

North Koreans are usually targeting developers working on cryptocurrency projects, as that allows them to steal people’s money and use it to fund the state apparatus and the country’s weapons program. One of Lazarus’ biggest heists netted them more than half a billion dollars.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.