North Korean state-sponsored hacking operation Slow Pisces, also known as TraderTraitor, JadeSleet, and Pukchong, has launched attacks involving trojanized coding challenges since last year to compromise cryptocurrency project developers with the new RN Loader and RN Stealer payloads, according to Infosecurity Magazine.
Posing as a recruiter on LinkedIn, the threat actors sent individuals involved in cryptocurrency projects a PDF file describing a purported job opportunity. Those who accepted were then sent a question sheet detailing a coding challenge that redirects to a GitHub repository, a report from Palo Alto Networks Unit 42 researchers revealed. Malicious Python projects mainly used by Slow Pisces then delivered payloads to targets whose IP address, geolocation, time, and HTTP headers were properly validated. RN Loader exfiltrated basic machine and operating system details, while RN Stealer pilfered installed apps and stored SSH keys, as well as AWS, Kubernetes, and Google Cloud configuration files from macOS systems, said Unit 42 researchers. Such findings come after Slow Pisces was reported to have stolen $1.5 billion from Dubai-based cryptocurrency exchange Bybit Technology in February.