The threat actor targeted a highly popular open source project with more than 100 million weekly downloads, creating a large “blast radius.”
N. Korea Contagious Interview Campaign Turns to VS Code to Deliver Backdoor
Jamf security researchers said state-sponsored espionage actors are using malicious VS Code projects to steal information.
North Korean Bad Actor’s Fake Job Offer Scam Targets Developers
Freelance developers around the world are being targeted by North Korean bad actors posing as job recruiters who as part of the fake application process entice them to run software jobs that actually compromise their systems with infostealer malware.
North Korea’s Lazarus Group Targets Developers, Supply Chain
North Korea’s notorious Lazarus Group is using an advanced malicious implant to target cryptocurrency wallets and spreading it via legitimate GitHub profile and possibly through npm packages. The ongoing campaign, dubbed Operation Marstech Mayhem, is the example of a threat group using open-source code repositories like GitHub, npm, and Python Package Index (PyPI) in software supply […]