Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware.

They named the fake packages “bitcoinlibdbfix” and bitcoinlib-dev to trick users. They implemented these fake Python packages and stole wallet data.

Developers who published projects on PyPI with their email in package metadata are being targeted They are asked to "verify" ...

The latest such campaign was uncovered by researchers from ReversingLabs and involves malicious code hidden in compiled Python files (PYC) that were part of a fake test project given to job ...

A new campaign tracked as “Dev Popper” is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT).