September 11, 2024 By Steve Zurier
New malicious software packages tied to the North Korean Lazarus Group were observed posing as a Python coding skills test for developers seeking a new job at Capital One; the packages were tracked to GitHub projects with embedded malware.
Researchers at ReversingLabs explained in a Sept. 10 blog post that the scheme was a follow-on to the VMConnect campaign, which they first identified in August 2023 and in which developers were lured into downloading malicious code via fake job interviews.
For this most recent campaign, the instructions sent by the threat actor set a timeframe for completing an assignment, which was to find a code flaw in the package and fix it. The researchers said the lure was clearly intended to create a sense of urgency for the job-seeker, making it more likely that they would download the malicious package.