Research: North Korean hacker group Lazarus uses Git Hooks to hide malware
CoinFeed reported on May 9th that, according to OpenSourceMalware research, the North Korean hacking group Lazarus has adopted a new technique in its malicious campaigns targeting developers, including "infectious interviews" and "TaskJacker": hiding a second-stage loader within the pre-commit scripts of Git Hooks. "Infectious interviews" are a series of attacks in which the group fakes recruitment processes in the cryptocurrency/DeFi sector to trick developers into cloning malicious code repositories, ultimately stealing crypto assets and credentials. Researchers advise developers who are asked to clone a code repository as part of an interview process to be wary of this risk and to run the code in an isolated environment, avoiding the use of personal browser configurations, SSH keys, and encrypted wallets.
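A defensive pre-flight check for the advice above, as an added example that is not from the article or the OpenSourceMalware research: it lists the hook scripts present in a checkout and any `core.hooksPath` override in the repository-local config, without invoking Git. The function names and the sample repository layout (including the `.githooks` directory) are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

def active_hooks(hooks_dir):
    """Names of files Git could run as hooks: everything that is not a *.sample.
    Executable bits are not checked, so the listing errs on the side of reporting."""
    hooks_dir = Path(hooks_dir)
    if not hooks_dir.is_dir():
        return []
    return sorted(p.name for p in hooks_dir.iterdir()
                  if p.is_file() and p.suffix != ".sample")

def configured_hooks_path(git_dir):
    """core.hooksPath from the repository-local config file, or None if unset."""
    config, section, value = Path(git_dir, "config"), None, None
    if not config.is_file():
        return None
    for line in config.read_text(encoding="utf-8", errors="replace").splitlines():
        header = re.match(r"\[\s*([A-Za-z0-9.-]+)", line.strip())
        kv = re.match(r"hookspath\s*=\s*(.*)", line.strip(), re.IGNORECASE)
        if header:
            section = header.group(1).lower()
        elif kv and section == "core":
            value = kv.group(1).strip().strip('"')  # last setting wins
    return value

def audit_repo(repo):
    """Read-only audit of a checkout; never invokes Git or runs repository code."""
    override = configured_hooks_path(Path(repo, ".git"))
    # A relative core.hooksPath is resolved against the working tree root.
    return {"default_hooks": active_hooks(Path(repo, ".git", "hooks")),
            "hooks_path_override": override,
            "override_hooks": active_hooks(Path(repo, override)) if override else []}

def build_sample_repo(root):
    """Constructed directory layout for the demo; the hook bodies are harmless."""
    files = {".git/hooks/pre-commit": "#!/bin/sh\necho constructed\n",
             ".git/hooks/pre-push.sample": "#!/bin/sh\n",
             ".githooks/pre-commit": "#!/bin/sh\necho constructed\n",
             ".git/config": "[core]\n\tbare = false\n\thooksPath = .githooks\n"}
    for rel, body in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_repo(build_sample_repo(tmp)))
```

Run against a checkout from inside the isolated environment, any non-empty hook list or unexpected override is a file to read by hand before making a commit there.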