Python coding interview test used to hack computers

Members of the North Korean hacker group Lazarus are targeting Python developers by posing as recruiters and offering fake coding tests for password management products that contain malware. This tactic is part of the 'VMConnect campaign,' which began in August 2023, where malicious Python packages were uploaded to the PyPI repository. The hackers host these projects on GitHub, providing README files that appear professional and create a sense of urgency for candidates. They impersonate large U.S. banks to attract job seekers and often reach out via LinkedIn. The coding test involves finding and fixing bugs in a malicious password manager application, which, when executed, triggers a malware downloader that connects to a command and control server. The README file pressures candidates to complete the task quickly, discouraging them from checking for malicious code. ReversingLabs, which has been monitoring this campaign, warns developers to be cautious of job offers from unknown sources and to verify the identities of recruiters. They recommend reviewing any provided code carefully and executing it only in secure environments.

- Lazarus hackers impersonate recruiters to target Python developers.

- The 'VMConnect campaign' uses fake coding tests to distribute malware.

- Malicious projects are hosted on GitHub with misleading README files.

- Candidates are pressured to complete tasks quickly, bypassing security checks.

- Developers are advised to verify recruiter identities and review code carefully.