Targeting of freelance developers

SUMMARY :

North Korea-aligned cybercriminals are targeting freelance software developers through fake job offers and coding challenges containing malware. The campaign, dubbed DeceptiveDevelopment, uses two main malware families - BeaverTail and InvisibleFerret - to steal cryptocurrency wallets and login credentials. Attackers pose as recruiters on platforms like LinkedIn and GitHub, providing trojanized projects as part of fake interview processes. The malware steals browser data, cryptocurrency wallets, and system information, and can deploy remote access tools. Hundreds of victims globally have been observed across Windows, Linux and macOS systems. The operation shows increasing sophistication and is expected to continue evolving its tactics to target cryptocurrency users.

OPENCTI LABELS :

infostealer,north korea,cryptocurrency,spearphishing,beavertail,invisibleferret,job scams,freelancers


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Targeting of freelance developers