Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
ID: 69a4e7e8-b155-59f3-9f24-2214c053c9c5
STIX ID: report--69a4e7e8-b155-59f3-9f24-2214c053c9c5
Feed Name: Bitdefender Labs
Bitdefender Labs reports an active Lazarus Group campaign that uses fake LinkedIn job offers to trick targets into running a multi-stage, cross-platform malware chain. In that chain, an obfuscated JavaScript stealer collects browser and crypto-extension data, then downloads recursive Python modules (mlip/pay/bow) and a .NET stager that disables defenses, configures Tor C2, exfiltrates credentials and sensitive files, logs keystrokes, and can deploy crypto-mining and backdoor modules. The campaign targets professionals across industries. IOCs are provided to Bitdefender Advanced Threat Intelligence users.
