DeceptiveDevelopment targets freelance developers
www.welivesecurity.com
ESET researchers have observed a cluster of North Korea-aligned activities that they named DeceptiveDevelopment and where its operators pose as headhunters and serve their targets with software projects that conceal infostealing malware.
  • DeceptiveDevelopment targets freelance software developers through spearphishing on job-hunting and freelancing sites, aiming to steal cryptocurrency wallets and login information from browsers and password managers.
  • Active since at least November 2023, this operation primarily uses two malware families – BeaverTail (infostealer, downloader) and InvisibleFerret (infostealer, RAT).
  • DeceptiveDevelopment’s tactics, techniques, and procedures (TTPs) are similar to several other known North Korea-aligned operations.