A new social engineering attack is targeting Python developers with fake recruiting pitches that lead them to download malware. The tactic is attributed to the Lazarus Group, a North Korean state-sponsored hacking team that has gained notoriety for an ongoing campaign spreading Python-related malware since at least August 2023. During that time, several open-source Python tools were maliciously replicated to include harmful software.
Recently, the nature of these attacks has evolved to include “coding tests,” which are, in fact, traps designed to install concealed malware on victims’ systems. This malware, cleverly disguised using Base64 encoding, allows for remote execution once it infiltrates a system. The potential for exploitation is significant, owing to Python’s versatility and its ability to interact seamlessly with the operating system.
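The following static check is an added example, not code from the article or from any vendor report: it flags the places in a received "coding test" file where Base64-decoded data flows into `exec`, `eval` or `compile`, without ever running the file. That the concealed payload reaches one of those three built-ins is an assumption (the article only says the malware is Base64-disguised), and `find_decoded_execution` and `SAMPLE` are names made up for this sketch.

```python
import ast

DECODERS = {"b64decode", "urlsafe_b64decode", "standard_b64decode", "decodebytes"}
SINKS = {"exec", "eval", "compile"}   # assumed execution points, not named by the article

def call_name(call):
    """Trailing name of a call target: base64.b64decode(...) -> 'b64decode'."""
    f = call.func
    return f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", None)

def find_decoded_execution(source):
    """Return sorted (line, sink) pairs where Base64-decoded data reaches a sink."""
    tree = ast.parse(source)          # parse only; the scanned file is never run
    nodes = list(ast.walk(tree))
    decoders = set(DECODERS)
    for n in nodes:                   # honour `from base64 import b64decode as x`
        if isinstance(n, ast.ImportFrom) and n.module == "base64":
            decoders |= {a.asname or a.name for a in n.names if a.name in DECODERS}
    tainted = set()                   # variables that hold decoded data
    def from_decode(expr):
        return any(
            (isinstance(n, ast.Call) and call_name(n) in decoders)
            or (isinstance(n, ast.Name) and n.id in tainted)
            for n in ast.walk(expr))
    changed = True
    while changed:                    # repeat so chains a -> b -> c are followed
        changed = False
        for n in nodes:
            if isinstance(n, ast.Assign) and from_decode(n.value):
                new = {t.id for t in n.targets if isinstance(t, ast.Name)} - tainted
                tainted |= new
                changed = changed or bool(new)
    return sorted((n.lineno, call_name(n)) for n in nodes
                  if isinstance(n, ast.Call) and call_name(n) in SINKS
                  and any(from_decode(a) for a in n.args))

# Constructed sample of a "coding test" file; the blob is a harmless print call.
SAMPLE = '''\
import base64
from base64 import b64decode as unpack
blob = "cHJpbnQoJ2hlbGxvJyk="
stage = unpack(blob)
code = stage.decode()
exec(code)
eval(compile(base64.b64decode(blob), "<t>", "exec"))
pattern = __import__("re").compile("a+")
'''

print(find_decoded_execution(SAMPLE))
```

The check is name-based, so indirection such as `getattr(base64, ...)` or a decoder wrapped in a helper function is missed; a clean result is not proof that a test project is safe to run outside an isolated environment.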