JSON services hijacked by North Korean hackers to send out malware
techradar.com
- Lazarus Group used JSON storage services to host malware in the Contagious Interview campaign targeting developers
- Attackers lured victims via fake LinkedIn job offers, delivering BeaverTail, InvisibleFerret, and TsunamiKit malware
- Malware exfiltrates data, steals crypto, and mines Monero—while blending into normal dev workflows
North Korean state-sponsored threat actors, part of the infamous Lazarus Group, have been seen hosting malware and other malicious code on JSON storage services.
Cybersecurity researchers at NVISO reported seeing attackers use JSON Keeper, JSONsilo, and npoint.io in a bid to remain unseen and persistent in their attacks.
The attacks seem to be part of the Contagious Interview campaign. In it, the miscreants would first create fake LinkedIn profiles and reach out to software developers either with enticing job offers, or to ask for help on a coding project. During the back-and-forth, the crooks would ask the victims to download a ...
Copyright of this story solely belongs to techradar.com.

