VERY IMPORTANT

Slow Pisces, a North Korean state-sponsored threat group, has launched a campaign targeting cryptocurrency developers using LinkedIn recruitment schemes and malicious coding challenges. The group impersonates recruiters, sending benign PDFs with job descriptions followed by coding tasks linked to compromised GitHub repositories. These repositories contain malware disguised as legitimate projects, using techniques like YAML deserialization and EJS rendering to execute malicious code. The campaign introduces new malware named RN Loader and RN Stealer, which gather victim information and potentially establish persistent access. This sophisticated approach has reportedly led to over $1 billion in cryptocurrency theft in 2023 alone.