This session dives into a sophisticated recruitment scam run by the notorious Lazarus Group on LinkedIn and other job-related platforms. As revealed by Bitdefender Labs, we will uncover how the threat actors use complex methods to deliver malware into what looks like a coding assessment for a job offer. Using advanced social engineering, this scam campaign shows why it's important to stay alert and aware when using any digital service.

During this talk, we will follow the whole infection process, starting with the Javascript Loader & Infostealer, moving to Python scripts that ramp up the damage, and ending with a final payload that doubles down on data theft and connects to the Command and Control (C2) server via The Onion Router (Tor). Attendees will gain a comprehensive understanding of the tactics used by cybercriminals, the potential risks to your organization's security, and strategies to protect against similar attacks.