Researchers at ReversingLabs warn that North Korea’s Lazarus Group is targeting software developers with phony job interviews.
The threat actors are posing as employees of major financial services firms and send coding assessment tests as part of the interview process. Our team recently recorded a webinar that covers this exact topic, as our cybersecurity experts discuss how we spotted the red flags and stopped it before any damage was done.
The coding tests are designed to trick the job applicant into installing malware concealed in Python packages.
“The content of nearly identical README files included with the packages provides more insight into what the victim encountered,” ReversingLabs says.
“They contain instructions for the job candidates to find and fix a bug in a password manager application, republishing their fix and taking screenshots to document their coding work. The README files tell would-be candidates to make sure the project is running successfully on their system before making modifications. That instruction is intended to make sure that the malware execution is triggered regardless of whether the job candidate (aka ‘the target’) completes the assigned coding assignment.”
The threat actors attempt to instill a sense of urgency by setting a short deadline for the assignment. This is a common social engineering tactic that makes the victim less likely to slow down and think rationally before acting.
“Specifically, the instructions set a timeframe for completing the assignment (finding a coding flaw in the package and fixing it),” the researchers write.
“It is clearly intended to create a sense of urgency for the would-be job seeker, thus making it more likely that he or she would execute the package without performing any type of security or even source code review first. That ensures the malicious actors behind this campaign that the embedded malware would be executed on the developer’s system.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
ReversingLabs has the story.
Here's how it works:
