Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware.

Now, cybersecurity researchers from ReversingLabs are saying that Lazarus is still going about the same thing, but now targeting Python developers with a fake coding test project.

Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread.

Now, cybersecurity researchers from ReversingLabs are saying that Lazarus is still going about the same thing, but now targeting Python developers with a fake coding test project.