Slow Pisces, a North Korea-associated hacking group, has been implicated in a campaign that targets developers under the pretense of providing coding assignments. Identified by Palo Alto Networks as responsible for the Bybit hack of February 2025, the group lures developers through LinkedIn, enticing them to execute projects containing malware known as RN Loader and RN Stealer. The group's tactics include sending benign-looking job descriptions as document attachments to GitHub links that ultimately deliver harmful payloads. This strategy aligns with previous attacks on the cryptocurrency sector and underscores the persistent threats posed by state-sponsored hacking activities.
Slow Pisces engaged with cryptocurrency developers on LinkedIn, posing as potential employers and sending malware disguised as coding challenges, resulting in compromised systems.
In July 2023, GitHub revealed that employees at blockchain, cryptocurrency, gambling, and cybersecurity firms were targeted with malicious npm packages disguised as job opportunities.
Collection
[
|
...
]