If you are a developer working on cryptocurrency projects, beware of people trying to hire you on LinkedIn – they could be North Korean hackers.
In an April 14 report, Unit 42, Palo Alto Networks’ research branch, shared new findings about Slow Pisces, a hacking group affiliated with the North Korean regime.
In a new malicious campaign that started in 2024, the group has been posing as recruiters on LinkedIn, targeting developers of cryptocurrency projects with malicious coding challenges.
These challenges leverage PDF lures, leading to malicious repositories on GitHub that distribute two new malware payloads, which Unit 42 researchers have named RN Loader and RN Stealer.
PDF Lures on LinkedIn Lead to Malicious GitHub Repositories
This campaign is executed in multiple steps.
First, the Slow Pisces hackers impersonate potential recruiters on LinkedIn and engage with likely targets, sending them a benign PDF with a job description. The targets are primarily involved in cryptocurrency projects.
No tags.
