A recent trend in social engineering attacks is targeting Python developers through fraudulent recruitment offers designed to entice them into downloading malware. This tactic has been linked to the Lazarus Group, a hacking organization supported by the North Korean government.
Since at least August 2023, the group has been increasing its efforts by distributing malicious versions of popular open-source Python tools. The latest strategy in their campaign involves setting up “coding tests” that trick users into installing concealed malware on their systems. This malware is disguised using Base64 encoding, allowing for remote execution once it has infiltrated the user’s device.
The implications of these attacks are significant, as the versatility of Python means that the potential for exploitation is extensive, leveraging the programming language’s integration with the operating system.