Lazarus Group Uses Git Hooks To Hide Malware
DPRK's Contagious Interview and TaskJacker campaign is now hiding its second-stage loader inside git hooks that download InvisibleFerret and Beavertail malware | SOC Prime socprime.com/active-threats/…
Study: North Korean hacker group Lazarus uses Git Hooks to hide malware
May 9th news: according to OpenSourceMalware research, the North Korean hacker group Lazarus has adopted new methods in malicious activities targeting developers, such as "Infectious Interview" and "TaskJacker," hiding the second-stage loader in the pre-commit script of Git Hooks. "Infectious Interview" is a series of attacks by the organization that lure developers into cloning malicious code repositories by forging recruitment processes in the cryptocurrency/DeFi field, ultimately stealing crypto assets and credentials. Researchers suggest that developers who are asked to clone code repositories as part of the interview process should be wary of such risks and should preferably run them in an isolated environment to avoid mounting personal browser configurations, SSH keys, and crypto wallets.
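According to an OpenSourceMalware report, a new variant has appeared in the Contagious Interview / TaskJacker campaign linked to the North Korean hacker group Lazarus Group, in which the attackers hide the second-stage loader in Git Hooks. After a victim clones a repository disguised as a "coding test", a malicious pre-commit script is triggered and downloads the payload, ultimately delivering malware such as InvisibleFerret and BeaverTail; targets include sensitive information such as crypto wallets. wublock123.com/news/lazarus-…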
