Security researchers targeted with new malware via job offers on LinkedIn (Security News, March 2023)
A suspected North Korean hacking group is targeting security researchers and media organizations in the U.S. and Europe with fake job offers that lead to the deployment of three new, custom malware families.
Mandiant says this group has previously targeted tech firms, media groups, and entities in the defense industry.
One of the lures shared by Mandiant impersonates the New York Times.
TouchShift then loads another screenshot utility called "TouchShot," a keylogger named "TouchKey," a tunneller named "HookShot," a new loader named "TouchMove," and a new backdoor named "SideShow."
North Korean hackers previously targeted security researchers involved in vulnerability and exploit development by creating fake online social media personas that pretended to be vulnerability researchers.
These personas would then contact other security researchers about potential collaboration in vulnerability research.