North Korean Hackers Use Disguised Apps To Target Macs With Hidden These particular attacks from north korean state funded hacking team lazarus group are new, but the overall malware campaign against the python development community has been running since. Malicious actors disguise themselves as recruiters from major financial firms, such as capital one, to lure developers into downloading malware. the malware itself is well hidden within the python packages, which are part of fake coding tests. it was encoded in a base64 string, obfuscating downloader code.

North Korean Cyberhackers Step Up Phishing Attacks Target Experts The north korea linked threat actor assessed to be behind the massive bybit hack in february 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. A north korean hacking group is targeting crypto workers with a python based malware disguised as part of a fake job application process, researchers at cisco talos said earlier this week. A recent cyber campaign has emerged, targeting python developers with fake coding tests designed to compromise their systems. members of the infamous north korean hacker group, lazarus, are posing as recruiters and tricking developers into downloading malware disguised as coding projects. The malicious code was found hidden in compiled python files, making it more difficult to detect. the packages were disguised as coding skills tests linked to job interviews, with names like “python skill assessment.zip” and “python skill test.zip”.

North Korean Hackers Target Python Devs With Malware Disguised As A recent cyber campaign has emerged, targeting python developers with fake coding tests designed to compromise their systems. members of the infamous north korean hacker group, lazarus, are posing as recruiters and tricking developers into downloading malware disguised as coding projects. The malicious code was found hidden in compiled python files, making it more difficult to detect. the packages were disguised as coding skills tests linked to job interviews, with names like “python skill assessment.zip” and “python skill test.zip”. In a disturbing trend, cryptocurrency developers are being targeted by a north korean hacking group known as slow pisces, which is deploying sophisticated python malware disguised as coding challenges. North korean hackers lured crypto professionals with fake job interviews to deploy new python based malware, pylangghost. the malware stole credentials from 80 browser extensions, including metamask and 1password, and enabled frequent unauthorized remote access. According to a recent report by google owned mandiant, these attacks often begin with a conversation where a malicious zip file is sent, disguised as a python coding challenge. the file contains covertcatch malware, which acts as a launchpad for further infection. The malicious command triggers the download of a zip archive containing python modules and a visual basic script. this script unzips the archive and launches the trojan using a disguised python interpreter named nvidia.py.