The notorious ‘Lazarus Group’ has been targeting organizations through fake LinkedIn job offers. This elaborate scam aims to capture credentials and deliver malware, posing a significant threat to unsuspecting professionals.
Reported on February 5, 2025, by Bitdefender, the cybercriminal organization linked to North Korea, has launched a campaign that exploits LinkedIn’s credibility to deceive job seekers. The scam begins with an enticing job offer message, often related to decentralized cryptocurrency exchanges or other high-interest fields. Once the target shows interest, the attackers request a CV or GitHub repository link, which they use to harvest personal data.
The next phase involves sharing a repository containing a “minimum viable product” (MVP) of the project, along with a document that requires execution to answer specific questions. This seemingly harmless code is, in fact, a heavily obfuscated script that dynamically loads malicious code from a third-party endpoint. The malware, a cross-platform info-stealer, targets popular cryptocurrency wallets and collects login data from browsers.
Cybersecurity researchers are taking proactive measures in mitigating the risk and in uncovering the scam, highlighting the importance of vigilance and robust cybersecurity practices. Authorities have issued warnings to professionals, advising them to be cautious with unsolicited job offers and to verify the legitimacy of recruiters before sharing personal information. These efforts underscore the need for continuous vigilance and proactive measures to protect against evolving cyber threats.
#CyTech #CyTechNewsRoom #Cybersecurity #CISO #CISOWorkplace™ #PhishingSimulation #CIM #phishing #malware #LinkedInScam #LazarusGroup #NorthKorea
Leave a Reply