North Korea-aligned cybercriminals are targeting freelance software developers through fake job offers and coding challenges containing malware. The campaign, dubbed DeceptiveDevelopment, uses two main malware families – BeaverTail and InvisibleFerret – to steal cryptocurrency wallets and login credentials. Attackers pose as recruiters on platforms like LinkedIn and GitHub, providing trojanized projects as part of fake interview processes. The malware steals browser data, cryptocurrency wallets, and system information, and can deploy remote access tools. Hundreds of victims globally have been observed across Windows, Linux and macOS systems. The operation shows increasing sophistication and is expected to continue evolving its tactics to target cryptocurrency users.

Author: AlienVault
Related Tags:
job scams
T1555.001
T1585.001
T1564.003
T1566.003
T1583.003
T1059.007
T1564.001
T1608.001
Associated Indicators:


