The notorious Lazarus Group, a North Korean Advanced Persistent Threat (APT) group, has been linked to a sophisticated campaign targeting software developers.<\/p>\n
This campaign involves the use of infostealer malware, designed to steal sensitive information from developers\u2019 systems.<\/p>\n
The attack leverages social engineering tactics, including fake job interviews and compromised NPM packages<\/a>, to deceive developers into executing malicious scripts.<\/p>\n The malware campaign involves a multi-stage modular approach, using techniques such as Base64 encoding and zlib compression to obfuscate the malicious code.<\/p>\n Threat Intelligence Researcher, Rayssa Cardoso detected<\/a> a key component of the attack is a Python script that uses a lambda function to decode and execute the malware:-<\/p>\n This script reverses the input string, decodes it using Base64, decompresses the result with zlib, and then executes the reconstructed Python code using the The malware structure includes several files and folders:-<\/p>\n Lazarus Group uses social engineering tactics like the \u201cClickFix\u201d method, where users are tricked into executing malicious scripts by clicking on seemingly legitimate buttons.<\/p>\n Another tactic involves fake recruiter profiles on platforms like LinkedIn and GitHub, inviting developers to participate in online interviews<\/a>.<\/p>\n During these interviews, candidates are asked to execute malicious code<\/a>, leading to the installation of malware.<\/p>\n The campaign involves several types of malware, including:-<\/p>\n The use of sophisticated social engineering tactics and obfuscated malware shows the need for strict vigilance and robust cybersecurity measures<\/a>.<\/p>\n The post Lazarus Group Infostealer Malwares Attacking Developers In New Campaign<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n_ = lambda __ : __import__('zlib').decompress(__import__('base64').b64decode(__[::-1]));exec((_)<\/code><\/pre>\nexec()<\/code> function.<\/p>\nCampaign Structure<\/strong><\/h2>\n
\n
![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgxx9Bh31MHRBdGLF0_5YJdIUnZUH0NpQJDm9TWE1GH9fTUaALlE2VV8AuzPFSbkc6iusd29qCaUf2Ek0lFueoGBlredrCi8kG8mWWLJ1o5WKDfiIvBSlhNeTwyXiwEyBEmIMxji5kDXEb0plJcSuCo0vn0fHRF76Qkwp0BdkNq8JWYUeoR8hcIzNRNqzg\/s16000\/ClickFix%2520Campaign%2520%28Source%2520-%2520Medium%29.webp?ssl=1\")
![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiFGnxLL742dYfXPe6EjjnJhachbbH8FcZ52rJETft8L5XlOYwvKhC3r6bDUDZcfbvrz9R102759vUS7WU54p_U0Kf5A8QHj6mS9mvooMh7mOckzfTiNhj5i7sD30_KHpad6A2Yx1c_BRQoV5VL9_1-qb3JsEDCAMCPc5lKrcBepgc5-vDWxm2SMdnGDvg\/s16000\/Obfuscated%2520Code%2520%28Source%2520-%2520Medium%29.webp?ssl=1\")
![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi2gNkM4-9kYaHEAmXiR04nPok84yZHYquz-qInPQsG0PXmDDduj9aMj-SchL2xEy-3aYIf0VOYUlSyLWwOaclXF0AigBwn-27AhXhW1aqLnbjesDJ1Bef_jGAMP28NMJbxVn40l8bprIrytJ39bww30-TclV_r9qIezRd5OnP_JHz9lHReApyx-OxpDQs\/s16000\/Contagious%2520Interview%2520%28Source%2520-%2520Medium%29.webp?ssl=1\")
\n
![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhaClK7o-fNB6zQImB73l3HGx3BY88WrAWZWBImTVgzsyWLOnGtCaiBv0GvNZsjmk8L5i8web0dRV7aJTYMQV5HiAUqV0SnpGWWO1N9FJ8Xp-xOhlNeLCySTCNwizuNUKKMeRydUHMqd7OUPj8DlzswAEUJ15pWS2ZXOuBC4iDGQAGZ6Ji3D_ZVcA7QN_g\/s16000\/Contagious%2520Interview%2520Cmpaign%2520Chain%2520%28Source%2520-%2520Medium%29.webp?ssl=1\")
Indicators of Compromise (IoC)<\/strong><\/h2>\n
\n
MITRE ATT&CK TTPs<\/strong><\/h2>\n
\n
Investigate Real-World Malicious Links & Phishing Attacks With\u00a0Threat Intelligence Lookup<\/strong>\u00a0-\u00a0Try for Free<\/a><\/code><\/strong><\/code><\/strong><\/p>\n