
North Korean hackers target Python devs with malware disguised as coding tests — hack has been underway for a year

submitted by
Style Pass
2024-09-20 15:00:05

Few things are more strenuous than finding new employment, but even worse is when a potential new employer turns out to be fake and is instead using an apparent job opportunity as a way to infect you with malware. Per a report from Reversing Labs, a leading cybersecurity firm, this has been happening to Python developers courtesy of North Korean hackers for about a year, and is likely to continue.

These particular attacks from the North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August 2023, when a number of popular open source Python tools were copied and republished with malware added. Now, though, there are also attacks involving "coding tests" that exist only to get the end user to install hidden malware on their system (cleverly concealed with Base64 encoding) that allows remote code execution once present. The capacity for exploitation at that point is pretty much unlimited, given the flexibility of Python and how closely it interacts with the underlying OS. This is a good time to refer to PEP 668, which has pip refuse to install into an externally managed system Python and so pushes developers toward virtual environments.
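The report's description of a "coding test" that decodes a Base64 blob and hands it to exec() suggests a simple pre-run check. The following is an added example, not code from Reversing Labs or from the article: it walks a Python file's AST and flags dynamic execution fed by a Base64 decoder, plus unusually long Base64-looking string literals. The function names, the 80-character threshold and the constructed sample are assumptions for illustration.

```python
import ast
import base64
import re

# Heuristics modelled on the campaign described above: a file that decodes a
# long Base64 literal and passes it to exec()/eval() is a strong signal of a
# hidden loader. Threshold and name sets are assumptions, not from the report.
DYNAMIC_EXEC = {"exec", "eval", "compile"}
DECODERS = {"b64decode", "urlsafe_b64decode", "standard_b64decode"}
B64_LITERAL = re.compile(r"^[A-Za-z0-9+/=]{80,}$")


def _call_name(node: ast.Call) -> str:
    """Return the bare function name of a Call node, or '' if it is not simple."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return ""


def find_hidden_loaders(source: str):
    """Return a list of (line, reason) findings for suspicious patterns in source."""
    findings = []
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _call_name(node) in DYNAMIC_EXEC:
            # Look inside the argument expression for a Base64 decode call.
            for inner in ast.walk(node):
                if isinstance(inner, ast.Call) and _call_name(inner) in DECODERS:
                    findings.append(
                        (node.lineno, f"{_call_name(node)}() fed by {_call_name(inner)}()")
                    )
                    break
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if B64_LITERAL.match(node.value):
                findings.append((node.lineno, "long Base64-looking string literal"))
    return findings


# Constructed sample mimicking the loader pattern; the payload is a harmless print.
_payload = base64.b64encode(b"print('hello')" + b" " * 70).decode()
SAMPLE = f"import base64\nsecret = '{_payload}'\nexec(base64.b64decode(secret))\n"

if __name__ == "__main__":
    for line, reason in find_hidden_loaders(SAMPLE):
        print(f"line {line}: {reason}")
```

Run it over every .py file in a "take-home test" before executing anything; a hit is a reason to stop and inspect, not proof of malice, since legitimate code occasionally embeds Base64 data.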

The motivation behind these attacks is unknown, but since Lazarus Group is a team of state-sponsored hackers, there's a fair chance that North Korea is simply doing what it can to be more of an international cybersecurity threat. The victims from around the FOSS and Python development community aren't government employees, but Python is being used more and more across multiple industries. The state-sponsored Lazarus Group likely has no greater objectives beyond simply hijacking machines or stealing money, but its attacks on innocent, job-hunting programmers could point toward a desire to sabotage the cyber workforce outside of North Korea as well. Reversing Labs also speaks of these attacks targeting developers in "sensitive organizations", not just those who are looking for jobs.
