Fake job recruiters hide malware in developer coding challenges

A fake recruiter campaign, dubbed ‘Graphalgo’ and attributed to North Korean threat actors like the Lazarus group, is targeting JavaScript and Python developers by hiding malware in coding challenges. Applicants are tricked into running malicious code disguised as legitimate projects, which installs a remote access trojan (RAT) designed to steal cryptocurrency and exfiltrate data.