Fake recruiter coding tests target devs with malicious Python packages
ReversingLabs researchers have identified new malicious software packages believed to be linked to a campaign, VMConnect, that our team first identified in August 2023 and which has ties to the North Korean hacking team Lazarus Group. The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews. Furthermore, information gathered from the detected samples allowed us to identify one compromised developer and provided insights into an ongoing campaign, with attackers posing as employees of major financial services firms.
Here is a detailed account of our discovery of the latest malicious campaign.
History
In August 2023, ReversingLabs published two research posts describing the VMConnect campaign and its connection to North Korea's Lazarus Group. The relation to the Lazarus Group was based on information gathered in research conducted by Japanese CERT. As the team wrote at the time: Malicious PyPI packages …
IoC
6a8b8bbd83ea4cfeaadaf397700f75681aaddbea