DeceptiveDevelopment targets freelance developers

2025-02-20, ESET
https://www.welivesecurity.com/en/eset-research/deceptivedevelopment-targets-freelance-developers/
#BeaverTail #DeceptiveDevelopment #InvisibleFerret

Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers. After all, what better time to strike than when the potential victim is distracted by the possibility of getting a job? Since early 2024, ESET researchers have observed a series of malicious North Korea-aligned activities, where the operators, posing as headhunters, try to serve their targets with software projects that conceal infostealing malware. We call this activity cluster DeceptiveDevelopment.
As part of a fake job interview process, the DeceptiveDevelopment operators ask their targets to do a coding test, such as adding a feature to an existing project, with the files necessary for the task usually hosted on private repositories on GitHub or other similar platforms. Unfortunately for the eager work candidate, these files are trojanized: once they download and execute the project, the victim’s computer gets compromised with the operation’s first-stage …

IoC
