Northern Korean hackers target Cripto Devs with fake employment tests
Northern Korean hackers associated with an exploitation of $ 1.4 billion, allegedly target crypto developers using false hiring tests infected with malicious software.
Ciberscuti Outlet Hacker News reported that crypto developers have received Coding of malicious actors’ tasks that are posed as recruiters. Coding challenges are reportedly used to deliver malware for undoubted developers.
Malicious actors approach the crypto developers on LinkedIn and tell them about fake career opportunities. Once convincing the developer, hackers send a malicious document that contains details of the coding challenge to GitHub. If it opens, the file is installed by an imaginative malware that can endanger the victim’s system.
The report reportedly manages the North Korean hack group known as a dispute of fish, called the misery, Pukchong, TraderTraiter and UNC4899.
Cyber-Cibery professionals warn of fake job offers
Hakan Unal, the senior operational operating center they mastered in a security central pipe, said cointelegraph that hackers often want to steal the programmers and access codes. He said that these actors often seek configurations in the cloud, SSH keys, iCloud Keichain, system and application for access and access to the wallet.
Luis Lubeck, Service Manager of the Project Hacken, told Conistelegraph to also try to access the API with key or production infrastructure.
Lubeck said that the main platform used by these malicious actors LinkedIn. However, Hacken team noted hackers using free market platforms as well as voluntary and Ferrr.
“Actors threats represent clients or employment managers who offer well-paid contracts or tests, especially in definitive or security space, who feel credible for Devs,” Lubeck added.
Hayato Shipekava, main solutions of the architect in Lancaliza, said COINTELEGRAFOM that hackers often create “credible” professional networking sites and coincide them with resume that reflect their false positions.
They make it all efforts to eventually get access to the Web3 company that employs their target developer. “After receiving access to the company, hackers identify vulnerabilities, which eventually can lead to exploitation,” Shigekava added.
Related: The ethical hacker intercepts $ 2.6 million in the morpha laboratories
Be cautious from unwanted gigs for developers
Hacken’s Onchain Security Researcher Yehor Ruditsia noticed that attackers become more creative, imitating bad market cleaners and using psychological and technical striking vectors to exploit security gaps.
“It makes education of developers and operational hygiene as important as revisions of codes or protection of smart contracts,” said Ruditsia Coinderelegraph.
Unal said cointelegraph that some of the developers of best practices can be adjusted to avoiding victims of such attacks include the use of virtual machines and test boxes, checking jobs independently and does not start work from foreigners.
The security professional added that CRIPTO developers must avoid installing unverified packages and use good endpoint protection.
Meanwhile, Lubeck recommended that he reached official channels in order to verify recruiting identity. He also suggested to avoid keeping secrets in an ordinary text format.
“Be extra careful with” too good-future “gigs, especially unwanted,” Lubeck added.
https://www.youtube.com/vatch? v = NDV0RFehEtk
Journal: Your AI ‘digital blind’ can meet and comfortably comfort their loved ones
https://images.cointelegraph.com/cdn-cgi/image/format=auto,onerror=redirect,quality=90,width=1200/https://s3.cointelegraph.com/uploads/2024-12/0193a88f-b8bc-7128-b61c-ae1843655189
2025-04-17 15:47:00
