‘Booby-trapped Python and JavaScript projects’: Next time a recruiter approaches you on Linkedin, you may end up losing your cryptowallet

‘Booby-trapped Python and JavaScript projects’: Next time a recruiter approaches you on Linkedin, you may end up losing your cryptowallet

‘Booby-trapped Python and JavaScript projects’: Next time a recruiter approaches you on Linkedin, you may end up losing your cryptowallet


  • Slow Pisces targets crypto developers with bad code disguised as stock analysis tools
  • Malicious code hides in plain sight, using GitHub projects and YAML deserialization tricks
  • Victims unknowingly install RN Loader and RN Stealer through rigged Python repositories

A hacker group from North Korea known as Slow Pisces has launched a sophisticated campaign targeting developers in the cryptocurrency sector through LinkedIn.

The group, also known as TraderTraitor or Jade Sleet, poses as recruiters to lure victims with seemingly genuine job offers and coding challenges, only to infect their systems with malicious Python and JavaScript code.



Source link

Back To Top