Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
ID: fb77264e-16f4-590f-8713-af7b6807c598
STIX ID: report--fb77264e-16f4-590f-8713-af7b6807c598
Feed Name: Bitdefender Labs
Bitdefender Labs describes an active recruitment-style campaign, attributed to North Korea-linked Lazarus actors, that lures targets via fake LinkedIn job offers. The attackers deliver heavily obfuscated JavaScript that harvests browser credentials and crypto-extension data, then stages multi-layered Python scripts and a .NET binary. These payloads disable defenses, establish Tor-based C2, exfiltrate sensitive data (including wallets, credentials, and system fingerprints), run keyloggers and crypto-miners, and pursue persistence across Windows, macOS, and Linux. The report includes indicators, technical analysis, and mitigation advice.
