North Korean hackers target cryptocurrency developers through fake job tests.


Source: Cointelegraph

According to reports, North Korean hackers linked to the $1.4 billion Bybit hack are targeting cryptocurrency developers using fake recruitment tests with malware.

Cybersecurity news outlet The Hacker News reported that cryptocurrency developers received programming tasks sent by hackers impersonating recruiters. These programming challenges are allegedly used to spread malware to unsuspecting developers.

The hackers reach out to cryptocurrency developers via LinkedIn, introducing them to fake job opportunities. Once they persuade the developers, the hackers send a malicious file containing details of a GitHub programming challenge. Opening the file installs spyware capable of infiltrating the victim's system.

This scam is reportedly carried out by a North Korean hacker group known as Slow Pisces, which is also referred to as Jade Sleet, Pukchong, TraderTraitor, and UNC4899.

Hakan Unal, head of the security operations center at cybersecurity firm Cyvers, told Cointelegraph that hackers typically aim to steal developers' credentials and access code. He stated that these hackers often look for cloud configurations, SSH keys, iCloud keychains, system and application metadata, and wallet access.

Luis Lubeck, service project manager at cybersecurity firm Hacken, told Cointelegraph that they also attempt to gain access to API keys or production infrastructure.

Lubeck mentioned that these hackers primarily use the LinkedIn platform. However, the Hacken team has also observed hackers using freelance marketplaces like Upwork and Fiverr.

"The hackers impersonate clients or hiring managers, offering high-paying contracts or tests, especially in the decentralized finance (DeFi) or security fields, which makes it seem credible to developers," Lubeck added.

Hayato Shigekawa, chief solutions architect at Chainalysis, told Cointelegraph that hackers often create "seemingly credible" employee profiles on professional social networking sites, complete with resumes that match the fake positions.

They do this to ultimately gain access to Web3 companies that hire their target developers. "Once they gain access to the company, the hackers identify vulnerabilities that could eventually lead to an attack," Shigekawa added.

Yehor Rudytsia, on-chain security researcher at Hacken, pointed out that attackers are becoming more "creative," mimicking bad actors to launder funds and using psychological and technical attack methods to exploit security vulnerabilities.

"This makes developer education and operational protocols as important as code audits or smart contract protections," Rudytsia told Cointelegraph.

Unal mentioned some best practices developers can adopt, including using virtual machines and sandboxes for testing, independently verifying job opportunities, and not running code from strangers.

The security expert added that cryptocurrency developers must avoid installing unverified software packages and use good endpoint protection.

Meanwhile, Lubeck advised verifying the identity of recruiters through official channels. He also suggested avoiding storing sensitive information in plain text.

"Be especially cautious of jobs that are 'too good to be true,' especially those that come unsolicited," Lubeck added.
