The decentralized finance (DeFi) and
cryptocurrency industries are being targeted by North Korean social engineering
schemes in highly personalized and convincing ways.
Here is an example that the FBI is showcasing:
1.
A
person from your dream company, using the name of an old colleague, contacts
you on social media, mentioning a conference you both recently attended and
discussing shared interests.
2.
He
asks if you’re job hunting and reveals his company needs your skills, offering
a significant pay raise. He arranges an
interview with his CTO and during the interview, the CTO gives you a
“pre-employment” test that involves troubleshooting code from some GitHub
repositories you do not recognize.
3.
You
clone the repositories, execute the code, find the bugs, and pass the test with
flying colors.
Congrats – you have fallen for a well-disguised
social engineering scheme conducted by North Korean cyber actors. One of those
GitHub repositories was malicious and landed a malware dropper on your machine
which installed
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.