"Lazarus Group Targets Developers in Fresh VMConnect Campaign"
"Lazarus Group Targets Developers in Fresh VMConnect Campaign"
According to ReversingLabs, "Lazarus Group" is continuing its "VMConnect" campaign by distributing new malicious software packages to developers via open source repositories. The North Korean group masqueraded as Capital One employees and used fake job interviews to trick developers into downloading the malware. The malware installs malicious downloaders on developer systems that can fetch second and third-stage malware, such as backdoors and infostealers. This article continues to discuss findings regarding the continued VMConnect campaign.