North Korean Lazarus hackers are using a fake coding test to steal passwords

North Korean state-sponsored threat actor Lazarus Group is evolving its “fake job” hacking campaign, researchers have warned.

Lazarus has been creating fake LinkedIn accounts and posting fake job ads across the internet for years. They offer their victims, often developers, enticing packages, high salaries, and plenty of perks. But instead of getting the job, after a few interview rounds, the only thing these people would get is malware, often from .PDF files posing as job details and such.

Now, cybersecurity researchers from ReversingLabs say that Lazarus is still running the same playbook, but is now targeting Python developers with a fake coding test project.

Apparently, the group still starts the same way: by impersonating someone on LinkedIn. This time around, it is the Capital One bank. They then host the malware on GitHub, disguising it as a password manager project. After that, they find suitable victims and, at some point, ask to test their skills.

The “test” includes downloading and installing the password manager, and then “hunting” for bugs. The entire thing must be finished within half an hour. The crooks would argue that the limit prevents the candidates from cheating, but ReversingLabs says it’s to prevent the victims from spotting the ruse and acting on it.

The malware acts as a downloader, giving the attackers the ability to deploy secondary malicious code, depending on the compromised environment. The campaign is dubbed the “VMConnect campaign” and it’s been active since August 2023, more than a year now. ReversingLabs believes the campaign is still ongoing.

North Koreans are usually targeting developers working on cryptocurrency projects, as that allows them to steal people’s money and use it to fund the state apparatus and the country’s weapons program. One of Lazarus’ biggest heists netted them more than half a billion dollars.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
