SecurityWeek reports that North Korean hackers have leveraged fraudulent job offers to compromise freelance software developers with malicious payloads as part of the DeceptiveDevelopment attack campaign, which has been under way since early last year.ESET reported that intrusions involved the posting of fake job offers on job-hunting platforms LinkedIn, Upwork, Moonlight, and others aimed at luring developers into downloading a malicious software project, including the BeaverTail information-stealing malware that deploys the InvisibleFerret spyware that enables cryptocurrency wallet and credential compromise and additional malicious tool injections.Further examination showed the campaign’s usage of two BeaverTail iterations for browser data exfiltration, as well as InvisibleFerret’s support for shell command execution, keylogger theft, clipboard data pilfering, and additional module delivery.”The DeceptiveDevelopment cluster is an addition to an already large collection of money-making schemes employed by North Korea-aligned actors and conforms to an ongoing trend of shifting focus from traditional money to cryptocurrencies,” said ESET.
Source: North Korean Malware Campaign Target Freelance Developers
