##

The North Korean hacking group Lazarus Group has launched a cyberattack dubbed "Operation 99" targeting Web3 and cryptocurrency developers. The attackers masquerade as recruiters, enticing developers on platforms like LinkedIn to participate in fake project testing and code reviews. This lures them into cloning a GitLab repository containing malicious code, which injects modular malware into the victim's system. This malware is cross-platform adaptable and can steal high-value data such as passwords, API keys, cryptocurrency wallet information, and maintains connections through heavily obfuscated command and control (C2) servers, maximizing its stealth.