North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
Briefly

"The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor. Slovak cybersecurity firm ESET, which is tracking the activity under the name DeceptiveDevelopment, said the campaign targets software developers across all operating systems, Windows, Linux, and macOS, particularly those involved in cryptocurrency and Web3 projects. It's also referred to as DEV#POPPER, Famous Chollima, Gwisin Gang, Tenacious Pungsan, UNC5342, and Void Dokkaebi."
"The campaign essentially involves the impersonated recruiters offering what appear to be lucrative job roles over platforms like LinkedIn, Upwork, Freelancer, and Crypto Jobs List. After initial outreach, should the prospective target express interest in the opportunity, they are either asked to complete a video assessment by clicking on a link or a coding exercise. The programming assignment requires them to clone projects hosted on GitHub, which silently install malware."
North Korea-linked operators use a multi-platform toolset to target software developers across Windows, Linux, and macOS, with a focus on cryptocurrency and Web3 projects. The activity, tracked as DeceptiveDevelopment, employs impersonated recruiters on LinkedIn, Upwork, Freelancer, and Crypto Jobs List to lure victims with faux job offers. Targets are steered toward either a video assessment or a coding exercise; cloned GitHub projects and scripted installers are used to silently deploy malware. Delivered payloads include BeaverTail, InvisibleFerret, OtterCookie, GolangGhost (aka FlexibleFerret/WeaselStore), PylangGhost, and a previously undocumented backdoor named AkdoorTea.
Read at The Hacker News