Fake Job Recruiters Hid Malware In Developer Coding Challenges
"A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks," reports the Register. Researchers at software supply-chain security company ReversingLabs say that the threat actor creates fake companies in the blockchain and crypto-trading sectors and publishes job offerings on various platforms, like LinkedIn, Facebook, and Reddit. Developers applying for the job are required to show their skills by running, debugging, and improving a given project. However, the attacker's purpose is to make the applicant run the code... [The campaign involves 192 malicious packages published in the npm and PyPI registries. The packages download a remote access trojan that can exfiltrate files, drop additional payloads, or execute arbitrary commands sent from a command-and-control server.]
In one case highlighted in the ReversingLabs report, a package named 'bigmathutils,' with 10,000 downloads, was benign until it reached version 1.1.0, which introduced malicious payloads. Shortly after, the threat actor removed the package, marking it as deprecated, likely to conceal the activity... The RAT checks whether the MetaMask cryptocurrency extension is installed on the victim's browser, a clear indication of its money-stealing goals...
ReversingLabs has found multiple variants written in JavaScript, Python, and VBS, showing an intention to cover all possible targets.
The campaign has been ongoing since at least May 2025...
Desperation (Score: 5, Informative)
by drinkypoo (153816) <drink@hyperlogos.org> on Sunday February 15, 2026 @11:46AM (#65990448)
It's tempting to declare that these are failing results from people who shouldn't be employed in these industries anyway due to their gullibility, and it's not entirely wrong, but it's also noteworthy that desperation increases vulnerability. The jobs report [kvia.com] says there was net job creation, but where are the jobs? [bbc.com] Is the claim of job creation as false as the expectations of 2025? [nepm.org]
How sharp were you at 22? (Score: 5, Interesting)
by Somervillain (4719341) on Sunday February 15, 2026 @12:23PM (#65990498)
It's tempting to declare that these are failing results from people who shouldn't be employed in these industries anyway due to their gullibility, and it's not entirely wrong, but it's also noteworthy that desperation increases vulnerability.
So just how smart and sharp were you after graduating? You're clearly old. Just because there was barely any internet when you started your career, sparing you from this trap, doesn't mean you wouldn't have fallen for it. The whole point of hiring someone is having them grow into the role...only shitholes expect you to know everything coming in...because they want to hire you for as short as possible and fire you.
REAL employers?...they have proprietary software and custom workflows and need many months for you to be productive. They need more than a basic Spring Boot CRUD app. They need to train you to maintain sophisticated software. You're not chosen based on what you know, but for your ability to adapt and become what the employer needs.
Shitholes hire commodities. Good employers invest in people.
npm and PyPI are good concepts (Score: 5, Interesting)
by oldgraybeard (2939809) on Sunday February 15, 2026 @12:48PM (#65990544)
But are unusable in the real world.