Lazarus Group Launches Cross-Platform JavaScript Stealer Targeting Crypto Wallets
February 6, 2025
Severity
High
Analysis Summary
The Lazarus Group, a North Korea-linked APT, is conducting an active campaign targeting professionals in the cryptocurrency and travel sectors through fake LinkedIn job offers. The attack begins with a fraudulent recruiter reaching out via social media, luring victims with attractive remote job opportunities. Once interest is expressed, the attacker requests a CV or GitHub repository link, exploiting these details for reconnaissance and to establish credibility.
According to the researcher, the next phase involves directing the victim to a GitHub or Bitbucket repository containing a supposed decentralized exchange (DEX) project, which actually hosts an obfuscated script that retrieves a JavaScript-based information stealer. This stealer is designed to extract data from …