North Korean Hackers Target Crypto Developers with Malicious Assignments

The post North Korean Hackers Target Crypto Developers with Malicious Assignments appeared on BitcoinEthereumNews.com.

North Korean hackers target crypto devs with malicious job offers Slow Pisces group uses LinkedIn to deliver malware to crypto developers A North Korean hacking group, believed to be responsible for the $1.4 billion Bybit hack in February 2025, has been linked to a new malicious campaign that targets crypto developers. The advanced hacking organization uses counterfeit programming tasks to send malicious code to developers through sophisticated digital tactics. North Korean Hackers Exploit Crypto Developers via LinkedIn Slow Pisces is a cybercriminal group that utilizes LinkedIn to target cryptocurrency developers, according to Palo Alto Networks’ Unit 42 division. The malicious actors pretend to be job recruiters while sending code assignments that hide malware inside them. The harmful software program RN Loader and RN Stealer distribute their attacks through projects that developers must run to become contaminated. Cryptocurrency remains an ongoing North Korean cyber actor attack target because they continue efforts to exploit this sector. The group employs this tactical approach for a second time after deploying it back in July 2023. GitHub confirmed that bitcoin-related businesses as well as cybersecurity companies and their staff, fell victim to npm package attacks in that same cycle. Palo Alto Networks security researcher Prashil Pattni described the operation of the hacker group. They first approach developers on LinkedIn with an attractive job offer. When a developer engages with them, the attackers distribute a PDF file that provides the coding assignment information. The task is located on GitHub where developers can follow the instructions for acquiring and executing the Python program. The initial appearance of the project presents no concern because it shows cryptocurrency exchange rates to users. Throughout its process the project uses a secret connection to fetch additional payload from a distant server, thereby enabling attackers to gain deeper access to the system.…

Leave a Reply

Your email address will not be published. Required fields are marked *

Filed under: News - @ April 17, 2025 8:27 pm