Lazarus Hackers Target Job Seekers with Trojanized Coding Challenges

Kaspersky has reported that the Lazarus hacking group is targeting job seekers with trojanized coding challenges. This group is known for its sophisticated and targeted attacks against high-profile organizations, and this latest campaign is no exception.

The hackers posed as recruiters for Meta (the company behind Facebook, Instagram, and WhatsApp) and sent emails to potential victims with links to coding challenges that were hosted on legitimate-looking websites. However, the challenges were actually trojanized, meaning that they contained malware that could be used to infect the victims’ computers.

If a victim downloaded and ran the coding challenge, their computer would be infected with a remote access trojan (RAT) called LightlessCan. This RAT is highly sophisticated and can be used to steal data, install additional malware, and take control of the victim’s computer.

The Lazarus group is likely targeting job seekers in order to gain access to the networks of their employers. By infecting the computers of job seekers who are applying for jobs at high-profile companies, the hackers can gain a foothold on those companies’ networks.

How to protect yourself

There are a few things you can do to protect yourself from this type of attack:

  • Be careful about clicking on links in emails, even if they come from people you know. If you are unsure whether a link is safe, you can hover over it to see the actual URL. If the URL does not match the company that the email is supposed to be from, do not click on it.
  • If you are asked to download a coding challenge, be sure to scan it for malware before running it. You can use a free online malware scanner to do this.
  • Keep your software up to date. Software updates often include security patches that can help to protect your computer from known vulnerabilities.
  • Use a strong security solution. A good security solution can help to detect and block malware, including the LightlessCan RAT.

If you think you may have been infected with the Lazarus RAT, you should immediately disconnect your computer from the internet and contact a security professional for assistance.

Additional technical details

The Lazarus RAT is written in C++ and uses the Qt cross-platform development framework. It is distributed as a single executable file that is compressed with the UPX packer.

The RAT uses a variety of protocols to communicate with its command and control (C2) server, including HTTP, HTTPS, and DNS. It also uses a variety of encryption algorithms to protect its communications, including AES and RC4.

The RAT is highly modular and can be customized to meet the specific needs of the attackers. For example, the attackers can add new modules to the RAT to steal specific types of data or to install additional malware.

Stay safe

This type of attack is a reminder that it is important to be vigilant when it comes to your cybersecurity. By following the tips above, you can help to protect yourself from falling victim to this type of attack.