Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Slow Pisces, a North Korean state-sponsored threat group, has launched a campaign targeting cryptocurrency developers using LinkedIn recruitment schemes and malicious coding challenges. The group impersonates recruiters, sending benign PDFs with job descriptions followed by coding tasks linked to compromised GitHub repositories. These repositories contain malware disguised as legitimate projects, using techniques like YAML deserialization and EJS rendering to execute malicious code. The campaign introduces new malware named RN Loader and RN Stealer, which gather victim information and potentially establish persistent access. This sophisticated approach has reportedly led to over $1 billion in cryptocurrency theft in 2023 alone.
OPENCTI LABELS:
social engineering, infostealer, north korea, rn stealer, rn loader, dpkr, slow pisces