Few things are more strenuous than finding new employment— but even worse is when a potential new employer turns out to be fake and is instead using an apparent job opportunity as a way to infect you with malware. Per a report fromReversing Labs, a leading cybersecurity firm, this has been happening to Python developers courtesy of North Korean hackers for about a year, and is likely to continue.
These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware. Now, though, there are also attacks involving “coding tests” that only exist to get the end user to install hidden malware on their system (cleverly hidden with Base64 encoding) that allows remote execution once present. The capacity for exploitation at that point is pretty much unlimited, due to the flexibility of Python and how it interacts with the underlying OS. This is a good time to refer toPEP 668which enforces virtual environments for non-system wide Python installs.
Besides detailing how these attacks work, the original report from Reversing Labs warns that these attacks from Lazarus Group are part of an “active campaign”. In fact, the same day one of the impacted users reached out to ReversingLabs, another exploitation tool popped up on GitHub. While the exploit in question was taken down, the timing of this seems to indicate that the user in contact with Reversing Labs is still compromised by Lazarus Group and that posting was a response to having seen the victim’s communications about the issue.
Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox.
Christopher Harper has been a successful freelance tech writer specializing in PC hardware and gaming since 2015, and ghostwrote for various B2B clients in High School before that. Outside of work, Christopher is best known to friends and rivals as an active competitive player in various eSports (particularly fighting games and arena shooters) and a purveyor of music ranging from Jimi Hendrix to Killer Mike to the Sonic Adventure 2 soundtrack.
