North Korean Hackers Use Freelance Websites to Target Developers

Sophos researchers have uncovered a new malware campaign launched by North Korean hackers targeting software developers on freelance websites. The campaign uses fake job opportunities to lure victims into downloading malicious code, which ultimately leads to cryptocurrency theft.

The 'Nickel Alley' group has been identified as the perpetrator behind this campaign, which has been ongoing for at least a year. According to Sophos, the group creates fake LinkedIn company pages and GitHub accounts to build credibility and deliver malware.

Victims in the finance and technology industries are particularly vulnerable to these attacks, as they are often targeted with high-value job opportunities. Researchers warn that organizations should monitor command execution and network traffic spawned from Node.js processes for signs of malware retrieval.