Lazarus Group Hides Malware in Git Hooks to Target Developers
A few months back I saw a post circulating on LinkedIn about a developer who had been targeted by a fake recruiter. The person had been invited to a “technical assessment,” cloned a repository, and ran the code provided as part of the interview. What followed was a silent drain of every credential stored on their machine. I remember reading it and feeling a specific kind of disgust, not just at the technical sophistication of the attack, but at the deliberate choice to weaponize something as emotionally charged as a job search. ...