Analysis
Recently, SlowMist CISO 23pds disclosed a cyberattack campaign by the North Korean hacking group Lazarus Group, codenamed "Operation 99," that targets Web3 and cryptocurrency developers. The operation uses fake recruiters on platforms such as LinkedIn, who lure developers with project testing and code review requests. Once a victim takes the bait, they are led to clone a seemingly harmless GitLab repository that actually contains malicious code capable of implanting modular malware on the victim's system. The malware is cross-platform and can steal passwords, API keys, cryptocurrency wallet information, and other high-value data. It also maintains its connections through highly obfuscated command and control (C2) servers, minimizing its footprint. The attack is a reminder for Web3 developers to raise their security awareness, treat project testing and code review requests from strangers with caution, and avoid cloning suspicious GitLab repositories.