A recent cybersecurity report highlights a new campaign by the North Korea-linked Lazarus Group, using fake LinkedIn job offers related to cryptocurrency and travel to spread malware. Victims are initially attracted by promises of flexible, well-paying remote jobs. Once engaged, they share personal information and are then sent a link to a malicious GitHub repository that contains an information-stealing script. This malware targets cryptocurrency wallet extensions and collects sensitive data while also facilitating further attacks with a backdoor. The attack shares similarities with previous strategies known as Contagious Interview, showing the growing sophistication of these cyber threats. Users are urged to stay vigilant against such scams to protect their personal and financial information.
The North Korean Cyber Threat: Lazarus Group’s New Job Scam
Date: February 05, 2025
Author: Ravie Lakshmanan
Tags: Cryptocurrency, Data Breach
The notorious Lazarus Group, known for its ties to North Korea, is back in the spotlight with a new campaign targeting job seekers in the cryptocurrency and travel sectors. This sophisticated attack involves fake job offers on LinkedIn, luring victims with enticing promises of remote work and attractive pay.
According to the cybersecurity firm Bitdefender, the scam begins with a seemingly harmless message from a recruiter. Once a target shows interest, the scammer requests sensitive information such as a CV or links to their GitHub profile. This seemingly innocent interaction can lead to dangerous outcomes, including data theft or potential malware infections.
The next step of the scam delves deeper. Targets are directed to a GitHub or Bitbucket repository containing what is claimed to be a decentralized exchange project. However, hidden within the code is malicious software designed to steal information from various cryptocurrency wallet extensions. This JavaScript-based information stealer retrieves sensitive data, while a Python backdoor monitors clipboard activity and opens up pathways for further malicious installations.
Bitdefender has noted parallels between this attack cluster, dubbed “Contagious Interview,” and previous campaigns using similar deceptive tactics. The malware involved not only harvests information but can also perform keylogging and cryptocurrency mining on the victim’s device.
Reports across platforms like LinkedIn and Reddit indicate that these scams are widespread. Candidates have described being asked to clone Web3 repositories and to fix intentionally created bugs, all under the guise of job interviews.
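A candidate handed such a repository can triage it before running anything in it. The following is an added example, not code from Bitdefender or from the campaign: it reads JavaScript sources as text and flags lines worth a manual look. The indicator patterns, the line-length threshold and the sample files are assumptions constructed for illustration, not indicators taken from the report.

```python
import re
from pathlib import Path

# Heuristics chosen for this example (assumptions, not indicators from the report).
INDICATORS = {
    # Paths where Chromium-based browsers keep per-extension data, wallets included.
    "wallet-extension-storage": re.compile(
        r"Local Extension Settings|\.config/(google-chrome|BraveSoftware)", re.I),
    # Code assembled and executed at run time.
    "dynamic-code-execution": re.compile(r"\beval\s*\(|\bnew\s+Function\s*\("),
    # Launching other programs, e.g. a second-stage interpreter.
    "process-spawn": re.compile(r"child_process|\bexecSync\s*\(|\bspawn\s*\("),
    # Long base64 or \x-escaped runs typical of packed payloads.
    "encoded-blob": re.compile(r"[A-Za-z0-9+/=]{200,}|(?:\\x[0-9a-fA-F]{2}){40,}"),
}
MAX_LINE = 1000  # hand-written source rarely has lines this long
JS_SUFFIXES = (".js", ".mjs", ".cjs", ".ts")

def scan_text(path, text):
    """Return (path, line number, indicator) tuples for one source file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if len(line) > MAX_LINE:
            findings.append((path, lineno, "very-long-line"))
        findings += [(path, lineno, name)
                     for name, rx in INDICATORS.items() if rx.search(line)]
    return findings

def scan_files(files):
    """files: mapping of relative path -> source text."""
    return [f for path, text in files.items()
            if path.endswith(JS_SUFFIXES) for f in scan_text(path, text)]

def scan_tree(root):
    """Read a cloned repository from disk without executing anything in it."""
    root = Path(root)
    return scan_files({str(p.relative_to(root)): p.read_text(errors="replace")
                       for p in root.rglob("*") if p.is_file()
                       and p.suffix in JS_SUFFIXES and ".git" not in p.parts})

# Constructed sample: one ordinary file and one with a loader hidden off-screen.
SAMPLE = {
    "src/App.js": "export default function App() { return null; }\n",
    "server/config.js": (
        "const cfg = { port: 3000 };\n"
        "module.exports = cfg;" + " " * 1200 + "eval(atob(p));\n"
        "const d = home + '/.config/google-chrome/Default/Local Extension Settings';\n"),
}

if __name__ == "__main__":
    for path, lineno, name in scan_files(SAMPLE):
        print(f"{path}:{lineno}: {name}")
```

A hit is a reason to read that line, not a verdict: legitimately minified bundles also trip the long-line check, and a clean result does not prove a repository is safe.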
In light of these developments, cybersecurity experts emphasize the importance of vigilance and caution job seekers to verify the legitimacy of job offers, especially ones linked to cryptocurrency.
As the threat landscape continues to evolve, staying informed and cautious can help individuals protect themselves from falling victim to such cyber threats.
What is the Lazarus Group and why is it important?
The Lazarus Group is a well-known hacking group, linked to North Korea. They are famous for stealing money and data, especially from crypto wallets. It’s important to know about them because their actions can affect many individuals and businesses in the crypto world.
What is the new threat from the Lazarus Group?
The new threat involves a cross-platform JavaScript stealer that targets crypto wallets. This tool can gather sensitive information from users, making it easier for hackers to steal funds and personal data.
How does the cross-platform JavaScript stealer work?
The stealer works by being disguised within normal software or websites. When users unknowingly download it, the tool collects data about their crypto wallets, like passwords and keys, and sends this information back to the hackers.
How can I protect my crypto wallet from this threat?
To protect your crypto wallet, you should always use strong, unique passwords and enable two-factor authentication. Avoid clicking on suspicious links or downloading untrusted software. It’s also wise to keep your software updated to fix security flaws.
What should I do if I think I’m a victim of this attack?
If you suspect you’ve been targeted, immediately change your wallet passwords and any connected accounts. Inform your wallet provider about the attack. Consider reaching out to cybersecurity experts for further help in securing your data and funds.