Python developers using Mac devices are once again being targeted by hackers from North Korea, according to cybersecurity experts. The Lazarus Group, a well-known hacking collective, is behind these attacks as part of its Operation Dream Job scheme. The group creates fake job postings to attract software developers and then tricks them into downloading and running malicious Python packages, giving the attackers access to important resources.
The attackers have been uploading weaponized Python packages to PyPI, a popular Python package repository. Four packages containing malware called PondRAT were identified and removed from the platform. PondRAT is a remote access trojan that can upload and download files, run commands, and disrupt system functions.
Unit 42 researchers have also found Linux variants of POOLRAT, a macOS backdoor previously used by Lazarus. This indicates that the hackers are expanding their capabilities across different operating systems. The use of legitimate-looking Python packages across multiple platforms poses a significant threat to organizations, as installing these packages can lead to widespread malware infections.
Lazarus has been using fake job ads for months to target developers in high-profile organizations, even attempting to get hired by these companies. This tactic shows the group’s persistence in trying to infiltrate networks and steal sensitive information.
Sead, a freelance journalist based in Sarajevo, Bosnia and Herzegovina, specializes in IT, cybersecurity, and technology topics. With over a decade of experience in journalism, he has contributed to various media outlets and conducted content writing workshops. His expertise in cloud computing, IoT, 5G, VPNs, ransomware, and data breaches makes him a valuable resource for understanding complex cybersecurity issues.