• submeta 13 hours ago

    > It revolves around creating fake job ads and luring software developers to apply. During the hiring process, the crooks would trick the devs into downloading and running malicious packages, thus granting the attackers access to important resources.

    Ok, that's a completely different attack vector than the one I assumed reading the title. I thought pip is compromised. Apparently not. This is social engineering, no?

    • slightwinder 12 hours ago

      > This is social engineering, no?

      Yes, this is probably spear phishing, a targeted attack.

      • grahamj 10 hours ago

        Yeah, from the title I wondered how the developers managed to get into the packages ;)

      • zahlman 9 hours ago

        This is fundamentally the same story that the same site (TechRadar) published a couple of weeks ago under a different title: https://www.techradar.com/pro/security/north-korean-lazarus-... . This version seems to have even less detail.

        The audience for this sort of attack seems really quite narrow to me. They have to be technically proficient enough to operate Pip independently and be in the market for a Python development job, but ignorant enough to miss several red flags (including just general awareness of Pip's insecurity) and also important enough to be worth targeting like this.
