{"id":127384,"date":"2025-04-17T13:21:23","date_gmt":"2025-04-17T13:21:23","guid":{"rendered":"http:\/\/cryptospotters.net\/?p=127384"},"modified":"2025-04-17T13:21:23","modified_gmt":"2025-04-17T13:21:23","slug":"north-korean-hackers-target-crypto-devs-with-fake-recruitment-tests","status":"publish","type":"post","link":"http:\/\/cryptospotters.net\/?p=127384","title":{"rendered":"North Korean hackers target crypto devs with fake recruitment tests"},"content":{"rendered":"<p>Source: Cointelegraph.com NewsNorth Korean hackers linked to the $1.4 billion Bybit exploit are reportedly targeting crypto developers using fake recruitment tests infected with malware.\u00a0<br \/>\nCybersecurity outlet The Hacker News reported that crypto developers have received coding assignments from malicious actors posing as recruiters. The coding challenges have reportedly been used to deliver malware to unsuspecting developers.<br \/>\nMalicious actors approach crypto developers on LinkedIn and tell them about fraudulent career opportunities. Once they convince the developer, the hackers send a malicious document containing the details of a coding challenge on GitHub. If opened, the file installs stealer malware capable of compromising the victim\u2019s system.<br \/>\nThe scam is reportedly run by a North Korean hacking group known as Slow Pisces, also referred to as Jade Sleet, Pukchong, TraderTraitor and UNC4899.\u00a0<br \/>\nCybersecurity professionals warn of fraudulent job offers\u00a0<br \/>\nHakan Unal, senior security operations center lead at security firm Cyvers, told Cointelegraph that the hackers often want to steal developer credentials and access codes. He said these actors often look for cloud configurations, SSH keys, iCloud Keychain, system and app metadata, and wallet access.\u00a0<br \/>\nLuis Lubeck, service project manager at security firm Hacken, told Cointelegraph that they also try to access API keys or production infrastructure.\u00a0<br \/>\nLubeck said that the main platform used by these malicious actors is LinkedIn. However, the Hacken team observed hackers using freelance marketplaces like Upwork and Fiverr as well.<br \/>\n\u201cThreat actors pose as clients or hiring managers offering well-paid contracts or tests, particularly in the DeFi or security space, which feels credible to devs,\u201d Lubeck added.\u00a0<br \/>\nHayato Shigekawa, principal solutions architect at Chainalysis, told Cointelegraph that the hackers often create \u201ccredible-looking\u201d employee profiles on professional networking websites and match them with resumes that reflect their fake positions.\u00a0<br \/>\nThey make all this effort to ultimately gain access to the Web3 company that employs their targeted developer. \u201cAfter gaining access to the company, the hackers identify vulnerabilities, which ultimately can lead to exploits,\u201d Shigekawa added.\u00a0<br \/>\nRelated: Ethical hacker intercepts $2.6M in Morpho Labs exploit<br \/>\nBe wary of unsolicited developer gigs<br \/>\nHacken\u2019s onchain security researcher Yehor Rudytsia noted that attackers are becoming more creative, imitating bad traders to clean funds and utilizing psychological and technical attack vectors to exploit security gaps.\u00a0<br \/>\n\u201cThis makes developer education and operational hygiene just as important as code audits or smart contract protections,\u201d Rudytsia told Cointelegraph.\u00a0<br \/>\nUnal told Cointelegraph that some of the best practices developers can adapt to avoid falling victim to such attacks include using virtual machines and sandboxes for testing, verifying job offers independently and not running code from strangers.\u00a0<br \/>\nThe security professional added that crypto developers must avoid installing unverified packages and use good endpoint protection.\u00a0<br \/>\nMeanwhile, Lubeck recommended reaching out to official channels to verify recruiter identities. He also suggested avoiding storing secrets in plain text format.<br \/>\n\u201cBe extra cautious with \u2018too-good-to-be-true\u2019 gigs, especially unsolicited ones,\u201d Lubeck added.\u00a0<br \/>\nMagazine: Your AI \u2018digital twin\u2019 can take meetings and comfort your loved ones<a href=\"https:\/\/cointelegraph.com\/news\/north-korea-hackers-crypto-developers-fake-jobs?utm_source=rss_feed&amp;utm_medium=rss&amp;utm_campaign=rss_partner_inbound\" target=\"_blank\" class=\"feedzy-rss-link-icon\" rel=\"noopener\">Read More<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Source: Cointelegraph.com NewsNorth Korean hackers linked to the $1.4 billion Bybit exploit are reportedly targeting crypto developers using fake recruitment tests infected with malware.\u00a0 Cybersecurity outlet The Hacker News reported&hellip; <\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/127384"}],"collection":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=127384"}],"version-history":[{"count":0,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/127384\/revisions"}],"wp:attachment":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=127384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=127384"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=127384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}