A new social engineering attack is targeting Python developers, using fake recruiting tactics to trick them into downloading malware. The strategy is attributed to the Lazarus Group, a state-sponsored hacking organization from North Korea. The group has recently expanded its campaign, which reportedly began in August 2023 and involves malicious copies of open-source Python tools with malware embedded in them.
The current phase of these attacks introduces “coding tests” whose sole purpose is to get hidden malware installed on victims’ systems. The malware is obscured with Base64 encoding and enables remote execution, which poses significant risks. Because Python is versatile and interacts with the operating system, the potential for exploitation is vast, making it a powerful tool in the hands of attackers.
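A candidate handed such a "coding test" can statically inspect the files before running anything. The following is an added example, not code from the article or from any vendor report: it parses Python source without executing it and flags Base64 data that reaches an execution call, plus long Base64 string literals. The rule names, the `DECODERS`/`SINKS` sets, the `MIN_BLOB` threshold and the harmless sample are assumptions constructed for illustration.

```python
import ast
import base64

DECODERS = {"b64decode", "urlsafe_b64decode", "standard_b64decode", "b32decode", "a85decode", "b85decode"}
SINKS = {"exec", "eval", "compile", "__import__"}
MIN_BLOB = 40  # assumed threshold: shorter literals are too common to report


def call_name(func):
    """Trailing name of a call target: exec -> 'exec', base64.b64decode -> 'b64decode'."""
    if isinstance(func, ast.Name):
        return func.id
    return func.attr if isinstance(func, ast.Attribute) else ""


def is_b64_blob(text):
    """True when a string literal is long and strictly valid Base64."""
    if len(text) < MIN_BLOB:
        return False
    try:
        base64.b64decode(text, validate=True)
        return True
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False


def scan_source(source):
    """Return sorted (line, rule, detail) findings; the source is parsed, never run."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and call_name(node.func) in SINKS:
            for inner in ast.walk(node):
                if inner is not node and isinstance(inner, ast.Call) and call_name(inner.func) in DECODERS:
                    findings.append((node.lineno, "decode-then-execute",
                                     f"{call_name(node.func)}({call_name(inner.func)}(...))"))
                    break
        elif isinstance(node, ast.Constant) and isinstance(node.value, str) and is_b64_blob(node.value):
            findings.append((node.lineno, "base64-literal", f"{len(node.value)} chars"))
    return sorted(findings)


# Constructed sample: a harmless print() hidden inside an otherwise ordinary exercise file.
PAYLOAD = base64.b64encode(b"print('payload ran')\n" * 3).decode()
SAMPLE = ("import base64\n"
          "def solve(xs):\n"
          "    return sorted(xs)\n"
          f"_cfg = '{PAYLOAD}'\n"
          "exec(base64.b64decode(_cfg))\n")

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(finding)
```

The `decode-then-execute` rule only sees a decoder nested directly inside the execution call; the `base64-literal` rule is there for code that decodes into a variable first, and it will also report legitimate embedded data, so each hit needs a manual look.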