A new wave of social engineering attacks is targeting Python developers, utilizing fake job recruitment pitches to entice individuals into downloading malware. These attacks are perpetrated by the North Korean state-sponsored hacking group known as the Lazarus Group. While these tactics may be relatively new, they are part of an ongoing campaign that has been distributing Python malware since at least August 2023, when several open-source Python tools were found to have been maliciously modified to include harmful code.
The latest method employed by the attackers involves offering “coding tests” that are ultimately designed to trick users into installing concealed malware on their systems. This malware is cleverly disguised using Base64 encoding, allowing for remote execution once it is installed.
The potential for exploitation is significant due to Python’s capabilities and its interaction with the operating system, making these attacks particularly concerning for developers.