Summary: A North Korea-linked hacking group tracked as Slow Pisces has been tied to a series of malicious campaigns targeting cryptocurrency developers, delivering stealer malware disguised as job-related coding challenges. The group uses platforms such as LinkedIn for recruitment lures, employing multi-stage attacks that focus on individual victims rather than broad phishing. Its latest malware, RN Stealer, captures sensitive data from infected macOS systems and shows sophisticated operational security and payload delivery methods.
Affected: Cryptocurrency developers and related organizations
Key points:
- Slow Pisces engages developers on LinkedIn, posing as employers and sending malware disguised as coding assignments.
- The attack chain involves a malicious PDF and trojanized projects hosted on GitHub to deliver payloads.
- RN Stealer can harvest sensitive information from macOS systems, including iCloud Keychain and configuration files.
- The group’s use of YAML deserialization and EJS templating helps conceal the execution of malicious code.
- Similar campaigns by other North Korean groups indicate a trend in using job opportunity themes for malware distribution.
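The YAML deserialization point above is the one a developer can check for before running a "coding challenge" project. The following is an added triage script, not code from the article or from the campaign: it flags PyYAML calls that use anything other than a safe loader and YAML documents carrying `!!python/` tags. The sample Python source and YAML are constructed, and `app.Runner` and `load_remote_config` are hypothetical names.

```python
import ast

# Loader classes that build only plain data (dicts, lists, scalars).
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}

def unsafe_yaml_calls(source: str) -> list[str]:
    """Find yaml.* calls in Python source that may construct arbitrary objects."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not isinstance(node.func, ast.Attribute):
            continue
        func = node.func
        if not (isinstance(func.value, ast.Name) and func.value.id == "yaml"):
            continue
        if func.attr in ("unsafe_load", "unsafe_load_all", "full_load", "full_load_all"):
            findings.append(f"line {node.lineno}: yaml.{func.attr}()")
        elif func.attr in ("load", "load_all"):
            # Loader may be the 2nd positional argument or the Loader= keyword.
            loader = node.args[1] if len(node.args) > 1 else None
            for kw in node.keywords:
                if kw.arg == "Loader":
                    loader = kw.value
            name = getattr(loader, "attr", None) or getattr(loader, "id", None)
            if name not in SAFE_LOADERS:
                findings.append(f"line {node.lineno}: yaml.{func.attr}(Loader={name})")
    return findings

def python_tags(yaml_text: str) -> list[str]:
    """Flag YAML lines carrying !!python/ tags; yaml.safe_load refuses to build them."""
    return [f"line {i}: {line.strip()}"
            for i, line in enumerate(yaml_text.splitlines(), 1)
            if "!!python/" in line]

# Constructed sample of a "coding challenge" helper that deserializes remote config.
SAMPLE_PY = '''import yaml, requests

def load_remote_config(url):
    text = requests.get(url).text  # attacker-controlled input
    return yaml.load(text)         # no Loader given: not SafeLoader, so flagged

def load_local():
    with open("settings.yml") as f:
        return yaml.safe_load(f)   # builds plain data only
'''

# Constructed YAML that only an unsafe loader would turn into a live object.
SAMPLE_YAML = "name: challenge\nhook: !!python/object/apply:app.Runner []\n"
```

Run `unsafe_yaml_calls` over each `.py` file and `python_tags` over each `.yml`/`.yaml` file in the downloaded project; any finding is reason to inspect the code before executing it.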
Source: https://thehackernews.com/2025/04/crypto-developers-targeted-by-python.html