A program that automates the APT38 technique, which has been utilized to target cybersecurity researchers experts

Lazarus is a state-sponsored group affiliated with North Korea, has a well-documented track record of targeting cybersecurity researchers. Among their notable techniques, one stands out for its effectiveness in tricking numerous cybersecurity experts.

The attackers create multiple Twitter and other social media accounts to establish credibility. Through social engineering tactics, they manipulate security researchers into engaging in collaborative research using a Microsoft Visual Studio Project, the project contains a malicious code in the vcxproj file. Consequently, when the researcher attempts to build the project, the malicious code embedded within it is executed.

Upon execution within the Visual Studio projects directory, the program infects all vcxproj files by injecting custom code. This code is designed to execute when the individual attempts to build the project .