| ▲ | sneakerblack 2 hours ago | |
This all stinks of Lazarus: https://en.wikipedia.org/wiki/Lazarus_Group I've done incident responses for this exact type of attack multiple times. They've gotten much better organized lately and will often contact developers directly (over LinkedIn or WhatsApp) to run this type of attack. (Although, usually pretending to run a test for a job interview -- which is maybe why the author was confused about the code) | ||
| ▲ | krisbolton 25 minutes ago | parent [-] | |
100%. I can't find it now, but someone last month posted a similar story on HN. The threat actor had stolen someone's GitHub account and altered their otherwise legitimate looking repo. They'll expend a lot of effort in order to masquerade and trick you. TraderTraitor is another good DPRK example. Anyone reading - if you're ever a victim, worth reporting to your national CERT and your org. The CERT can provide advice, it's useful for their threat intel, and your org can check their systems. You might not be the end target. | ||