KuCoinβs security team uncovers a sophisticated Lazarus Group phishing campaign targeting financial and crypto organizations through fake interviews, poisoned code, and exploiting recent vulnerabilities. The campaign demonstrates Lazarusβs evolving tactics, including social engineering, supply chain attacks, and malware deployment. #LazarusGroup #APT38 #CryptoTargeting
Keypoints
- The Lazarus Group conducts complex phishing campaigns via social media platforms like LinkedIn and Twitter.
- Victims are tricked into malware downloads through fake job interview scenarios, leading to credential theft.
- Malware variants include malicious scripts on macOS and Windows designed to harvest data and establish persistence.
- Advanced tactics involve poisoned open-source packages, compromised repositories, and exploiting CVE-2025-48384.
- Both technical professionals and non-technical employees are targeted, emphasizing the need for stringent security measures.
Read More: https://securityonline.info/lazarus-group-is-exploiting-cve-2025-48384-in-new-phishing-campaign/