##

Recently, the North Korean hacking group Lazarus Group launched a cyberattack called "Operation 99" targeting Web3 and cryptocurrency developers. Attackers disguised themselves as recruiters, posting fake job postings on platforms like LinkedIn, luring developers into participating in disguised project testing and code reviews. Once developers took the bait, they were directed to clone a GitLab repository containing malicious code, which implanted modular malware into their systems. This malware is capable of stealing high-value data such as passwords, API keys, cryptocurrency wallet information, and maintains connections through highly obfuscated command and control (C2) servers to maximize stealth. SlowMist CISO 23pds reminds developers to stay vigilant, avoid clicking suspicious links, and update their security software regularly.