##

The North Korean hacking group Lazarus Group is launching a cyberattack campaign dubbed "Operation 99" targeting Web3 and cryptocurrency developers. The attackers are posing as recruiters, luring developers through platforms like LinkedIn to participate in fake project testing and code audits. They then trick victims into cloning a GitLab repository containing malicious code, implanting modular malware into their systems. This malware can steal valuable data such as passwords, API keys, cryptocurrency wallet information, and maintain a connection through highly obfuscated command and control (C2) servers to hide their actions. SlowMist CISO 23pds has issued a warning on social media urging developers to be vigilant, avoid clicking on suspicious links, and update their security software regularly.