BBS:      TELESC.NET.BR
Subject:  Operation Dream Job evolves once again
From:     Mike Powell
Date:     Tue, 17 Feb 2026 11:25:17 -0500
-----------------------------------------------------------
North Korean job scammers target JavaScript and Python developers with fake
interview tasks spreading malware

By Sead Fadilpašić published yesterday

Operation Dream Job is evolving once again

  Lazarus Group evolving Operation Dream Job campaign to target Web3 developers
  New "Graphalgo" variant uses malicious dependencies in legitimate bare-bone
    projects on PyPI/npm
  ReversingLabs found ~200 malicious packages spoofing libraries like graphlib,
    aiming to steal crypto

The notorious Lazarus gang is evolving its Operation Dream Job campaign to
target even more software developers and steal even more crypto along the way.

Security researchers at ReversingLabs claim to have seen changes to the
campaign starting May 2025. The new variant, dubbed "Graphalgo", sees Lazarus
take a legitimate bare-bone project and add a malicious dependency, which they
use in the attack.

For those unfamiliar with Operation Dream Job, it is an ongoing campaign
created by North Korean state-sponsored hackers. They create fake job ads on
LinkedIn and other platforms and offer enticing jobs to software developers
working primarily in the Web3 (blockchain) industry.

Codename Graphalgo

During the "hiring process", they ask the candidates to go through a few
test assignments which always end up with the victims downloading and running
malicious code. That code can be different, but the goal is always to empty
their crypto wallets - be it standalone apps, browser add-ons, or accounts on
popular crypto exchanges.

"It is easy to create such job task repositories. Threat actors simply need to
take a legitimate bare-bone project and fix it up with a malicious dependency
and it is ready to be served to targets," the researchers said. Most of these
projects are hosted on legitimate platforms such as PyPI or npm, making it more
difficult for the victims to spot the attack.

So far, ReversingLabs found almost 200 malicious packages.

The refresh was dubbed Graphalgo because all of the malicious packages had the
prefix "graph" in their name and often spoof regular libraries such as
graphlib. In more recent times, "graph" was replaced with "big", but
the researchers are yet to find the recruiting part that goes with these
packages.

Via BleepingComputer


https://www.techradar.com/pro/security/north-korean-job-scammers-target-javascript-and-python-developers-with-fake-interview-tasks-spreading-malware

--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/105)
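
Added example, not part of the original article or of ReversingLabs' tooling: a
pre-install check that reads a task repository's requirements.txt and
package.json and flags dependencies matching the naming pattern the article
reports ("graph"/"big" prefixes, look-alikes of graphlib). The VETTED allowlist,
the sample manifests and every package name in them are constructed assumptions.

```python
import json
import re
from difflib import SequenceMatcher

# Name prefixes the article reports for the campaign's packages.
CAMPAIGN_PREFIXES = ("graph", "big")
# Library the article names as being spoofed.
SPOOFED = ("graphlib",)
# Assumption: packages your team has already vetted (constructed list).
VETTED = {"graphql", "graphene", "bignumber.js"}

# Constructed manifests standing in for an interview-task repository.
REQUIREMENTS = """\
requests==2.31.0
graphlibz==0.1.0   # constructed look-alike name
graphene>=3.0
"""
PACKAGE_JSON = """{"dependencies": {"express": "^4.18.0",
  "bigexample-utils": "1.0.0", "graphql": "^16.0.0"}}"""

def names_from_requirements(text):
    """Yield lower-cased package names from requirements.txt content."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:  # skips blanks, comments and option lines such as -r
            yield match.group(0).lower()

def names_from_package_json(text):
    """Yield lower-cased dependency names from package.json content."""
    manifest = json.loads(text)
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        yield from (name.lower() for name in manifest.get(section, {}))

def review(names):
    """Map each dependency needing manual review to the reason it was flagged."""
    findings = {}
    for name in names:
        if name in VETTED:
            continue
        base = name.rsplit("/", 1)[-1]  # drop an npm @scope/ prefix
        near = [s for s in SPOOFED
                if s != base and SequenceMatcher(None, base, s).ratio() >= 0.8]
        if near:
            findings[name] = f"near-match of {near[0]}"
        elif base.startswith(CAMPAIGN_PREFIXES):
            findings[name] = "campaign prefix, not vetted"
    return findings
```

A prefix hit is a triage signal for manual review before installing anything,
not a verdict; plenty of legitimate packages start with "graph" or "big".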