Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories
ATT&CK techniques detected
T1059.007 JavaScript
95%
“JavaScript injected into source code files (flow 2) is part of a more complex approach. It functions as a multistage loader, which is designed to retrieve and execute payloads from blockchain infrastructure. It progresses through four stages, each employing layers of string shu…”
T1204.002 Malicious File
45%
“to clone a code repository and review or run it as part of a technical assessment. The repositories are hosted on GitHub, GitLab, or Bitbucket, and appear to be legitimate coding projects. The delivery mechanism abuses VS Code’s workspace task system, a technique that has been …”
Summary
Our research on Void Dokkaebi’s operations uncovered a campaign that turns infected developer repositories into malware delivery channels. By spreading through trusted workflows, organizational codebases, and open-source projects, the threat can scale from a single compromise to a broader supply chain risk.