North Korean hackers are using LinkedIn job scams to distribute COVERTCATCH malware, targeting developers with fake job offers. The attack starts with a coding test that delivers malware disguised as a Python challenge. Once inside the target’s macOS system, it installs a second-stage payload to maintain persistence and steal credentials.
Key Points
• Malware spread via LinkedIn job scams targeting developers.
• Initial infection uses Python coding challenges.
• Malware gains persistence through Launch Agents on macOS.
• Targets include Web3 organizations and cryptocurrency firms.
• North Korea employs social engineering and software supply chain attacks.
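For defenders, the Launch Agent persistence noted above can be triaged by reviewing the job definitions in the LaunchAgents directories. The following is an added example, not code from the report or the linked article; the heuristics, the function name and the sample job definitions are assumptions made for illustration and are not indicators of COVERTCATCH itself.

```python
import plistlib
import sys
from pathlib import Path, PurePosixPath

# Generic triage heuristics (assumed for illustration, not report indicators).
WORLD_WRITABLE = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
INTERPRETERS = {"python", "python3", "sh", "bash", "zsh", "osascript", "curl"}

def audit_launch_agent(plist_bytes):
    """Return the reasons a Launch Agent job definition deserves review."""
    try:
        job = plistlib.loads(plist_bytes)
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["unparseable plist"]
    args = [a for a in (job.get("ProgramArguments") or []) if isinstance(a, str)]
    program = job.get("Program") or (args[0] if args else "")
    if not isinstance(program, str) or not program:
        return ["no program defined"]
    reasons = []
    # RunAtLoad / KeepAlive make launchd start the job without user action.
    autostart = bool(job.get("RunAtLoad") or job.get("KeepAlive"))
    if autostart and PurePosixPath(program).name in INTERPRETERS:
        reasons.append("interpreter started automatically")
    for value in [program, *args[1:]]:
        if not value.startswith("/"):
            continue  # only absolute paths are checked
        if value.startswith(WORLD_WRITABLE):
            reasons.append(f"world-writable path: {value}")
        elif any(p.startswith(".") for p in PurePosixPath(value).parts):
            reasons.append(f"hidden path component: {value}")
    return reasons

# Constructed sample job definitions (not taken from any real system).
SAMPLES = {
    "com.example.helper.plist": plistlib.dumps({
        "Label": "com.example.helper", "RunAtLoad": True,
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/helper"]}),
    "com.example.update.plist": plistlib.dumps({
        "Label": "com.example.update", "RunAtLoad": True, "KeepAlive": True,
        "ProgramArguments": ["/usr/bin/python3", "/Users/dev/.cache/update.py"]}),
}

if __name__ == "__main__":
    # On macOS, pass LaunchAgents directories as arguments; else use samples.
    jobs = {str(f): f.read_bytes() for d in sys.argv[1:]
            for f in Path(d).glob("*.plist")} or SAMPLES
    for name, data in jobs.items():
        print(name, audit_launch_agent(data) or "ok")
```

A flagged job is a prompt for manual review, since legitimate software also installs Launch Agents that run scripts at login.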
Link: North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams (thehackernews.com)