North Korean Cyber Threat Targets Developers with Fake Interviews

North Korean Hackers Targeting Developers

Stage 1: Malicious NPM package

Unusually long scroll bar
Extracted obfuscated JavaScript code from imageDetails.js.

Stage 2: Command execution and payload download

Stage 3: Python code execution (.npl)

Python execution .npl file contents

Stage 4: Python code execution (pay)

Python file contents
MITRE ATT&CK Matrix