Python Repositories Infested: Malware Heist Hits Crypto Developers
Slow Pisces, a North Korean hacking group, uses Python repositories to stealthily distribute infostealer malware, evading detection by targeting specific victims via LinkedIn. With advanced concealment methods and payloads that exist solely in memory, they’ve allegedly stolen billions from the cryptocurrency sector, proving once again that cybercrime pays… unfortunately.

Hot Take:
Well, it seems Slow Pisces has traded in their fishing rod for a high-tech LinkedIn profile and a GitHub account! With their sneaky tactics and obsession with cryptocurrency, they’re giving “going viral” a whole new meaning. If only they used their powers for good, like creating a killer app for organizing your sock drawer, instead of swiping digital coins from unsuspecting wallets. Alas, as the Slow Pisces swim upstream, it’s clear they’re not just phishing – they’re full-on into the shark business!

Key Points:
- Slow Pisces uses legitimate repositories mixed with malicious ones to distribute malware.
- The group targets victims via LinkedIn, avoiding broad phishing campaigns.
- Unit 42 discovered two new payloads: RN Loader and RN Stealer.
- Slow Pisces employs advanced concealment tactics, making detection difficult.
- Slow Pisces reportedly stole over $1bn from the cryptocurrency industry in 2023 alone.