Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

Slow Pisces, a North Korean state-sponsored threat group, is targeting cryptocurrency developers through LinkedIn with malicious coding challenges. The group impersonates recruiters and sends malware disguised as project tasks, infecting systems with RN Loader and RN Stealer. Their campaign uses GitHub repositories containing adapted open-source projects in Python and JavaScript. The malware employs YAML deserialization and EJS rendering to execute arbitrary code from command-and-control servers. Slow Pisces has reportedly stolen over $1 billion from the cryptocurrency sector in 2023, using various methods including fake trading applications and supply chain compromises. The group's operational security is noteworthy, with payloads existing only in memory and deployed selectively.

OPENCTI LABELS:

cryptocurrency, python, rn stealer, rn loader, yaml deserialization

