North Korean hackers target developers with fake job interviews

Software developer in a fake job interview orchestrated by hackers.

Cybersecurity researchers at ReversingLabs have uncovered malicious software packages linked to a campaign known as VMConnect, believed to be orchestrated by the North Korean hacking team Lazarus Group. The campaign, first identified in August 2023, uses fake job interviews to lure developers into downloading and executing malicious code.

The latest samples were traced to GitHub projects associated with previous targeted attacks. Researchers were able to identify one compromised...

11 September 2024 | Developer

Python packages caught using DLL sideloading to bypass security

ReversingLabs researchers have uncovered Python packages using DLL sideloading to bypass security tools.

On 10 January 2024, Karlo Zanki, a reverse engineer at ReversingLabs, stumbled upon two suspicious packages on the Python Package Index (PyPI). These packages – named NP6HelperHttptest and NP6HelperHttper – were found to be utilising DLL sideloading, a known technique used by malicious actors to execute code discreetly and evade detection from security tools.

This...

21 February 2024 | Hacking & Security