Suspected North Korean actors use fake ‘coding assignments’ to steal crypto
ID: b408f578-7ee5-5f23-ab7a-f9f793424dcb
STIX ID: report--b408f578-7ee5-5f23-ab7a-f9f793424dcb
Feed Name: Proofpoint Blog
## Executive summary Proofpoint observed a suspected North Korean cluster called UNK_DeadDrop using fake recruiter messages and malicious GitHub/GitLab repos as coding assignments to infect developers across ~100 companies with cross-platform malware that exfiltrates cryptocurrency wallets and credentials; the campaign abuses VS Code/Cursor task automation and VSIX extensions for execution and persistence and leverages an Overlord Go RAT on macOS/Linux and a JavaScript infostealer on Windows.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
