Lazarus Group Targets LinkedIn Users

Cybersecurity firm SlowMist has issued a warning about a campaign by the North Korean hacker group Lazarus targeting LinkedIn users. According to a report published today, Lazarus actors are impersonating software developers on the platform to distribute malware.

The attackers create fake profiles that resemble legitimate developers. They then approach unsuspecting users, often those working in cybersecurity or blockchain technology, and offer them collaborative opportunities or coding challenges. These collaborations involve code repositories laced with malware. If a user downloads the repository, their device becomes infected.

Analysts believe Lazarus is leveraging LinkedIn's professional setting to gain the trust of potential victims. The platform is a popular destination for tech professionals, and users are accustomed to interacting with developers and recruiters. This familiarity creates an opening for attackers to exploit.

Social engineering tactics like impersonation are a common weapon in the Lazarus group's arsenal. In the past, they have posed as health officials and recruiters from well-known tech companies to target individuals and organizations.

The recent LinkedIn campaign highlights the need for users to exercise caution when interacting with unfamiliar profiles. Experts recommend verifying a profile's legitimacy before accepting connections or downloading files. Users should also be wary of unsolicited messages or coding challenges, especially those that seem too good to be true.

Furthermore, it's crucial to scrutinize code repositories before downloading them. Checking the repository's reputation and user reviews can help identify potential red flags. Additionally, security software with up-to-date malware detection capabilities can offer an extra layer of protection.

By following these precautions, LinkedIn users can mitigate the risk of falling victim to Lazarus's malware distribution scheme. The platform itself also has a role to play. Implementing stricter measures to identify and remove fake profiles would make it more difficult for attackers to operate on LinkedIn.