Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware

Slow Pisces, a North Korean state-sponsored threat group, targets cryptocurrency developers on LinkedIn with coding challenges containing malware. The malware, disguised as legitimate projects, uses YAML deserialization to execute a payload, RN Loader, which then downloads and executes RN Stealer. RN Stealer exfiltrates victim information, including usernames, machine names, and architecture, from compromised systems.