A new social engineering attack aims to target Python developers by using fake job recruitment offers to entice them into downloading malware. This attack is carried out by the Lazarus Group, a hacking team believed to be funded by North Korea. This operation builds on their previous campaigns involving Python malware, which surfaced in August 2023, when several open-source Python tools were maliciously duplicated and injected with malware.
The current phase of the attack has escalated with the introduction of “coding tests,” designed to trick users into installing concealed malware on their devices. This malware is cleverly disguised using Base64 encoding and enables remote execution once it has been installed.
The potential for exploitation is significant, given Python’s flexibility and its deep integration with operating systems, allowing attackers a wide range of capabilities once they gain access.