Mastodawn

DeceptiveDevelopment, la nuova indagine di ESET Research sul cybercrime nordcoreano legato al furto di criptovalute: I ricercatori di ESET, hanno diffuso nuove scoperte su DeceptiveDevelopment, conosciuto anche come Contagious Interview: un gruppo di minaccia allineato alla Corea...
#ESET #DeceptiveDevelopment #malware #furtocriptovalute #cybersecurity http://dlvr.it/TNnfNp

secsolution Jun 2, 2025

ESET APT Report: gli attacchi informatici russi in Ucraina si intensificano: Nel suo ultimo report, dal titolo "APT Activity Report", vengono analizzate le attivita’ di alcuni gruppi APT documentate dai ricercatori di ESET tra ottobre 2024 e...
#ESET #ESETAPTReport #cybersecurity #DeceptiveDevelopment #infrastrutturecritiche http://dlvr.it/TL6LHM

lazarusholic May 19, 2025

"ESET APT Activity Report Q4 2024–Q1 2025" published by ESET. #Bybit, #DeceptiveDevelopment, #Kimsuky, #Konni, #Trend, #DPRK, #CTI https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q4-2024-q1-2025/

ESET APT Activity Report Q4 2024–Q1 2025

This issue of the ESET APT Activity Report reviews notable activities of APT group that were documented by ESET researchers from October 2024 until March 2025.

lazarusholic Feb 20, 2025

"DeceptiveDevelopment targets freelance developers" published by ESET. #BeaverTail, #DeceptiveDevelopment, #InvisibleFerret, #DPRK, #CTI https://www.welivesecurity.com/en/eset-research/deceptivedevelopment-targets-freelance-developers/

DeceptiveDevelopment targets freelance developers

ESET researchers have observed a cluster of North Korea-aligned activities that they named DeceptiveDevelopment and where its operators pose as headhunters and serve their targets with software projects that conceal infostealing malware.

ESET Research Feb 20, 2025

#ESETresearch analyzed a campaign by #DeceptiveDevelopment targeting developers with trojanized coding tests. Posing as recruiters, the operators approach their targets on job-hunting platforms, aiming to steal their cryptocurrency wallets and more.

https://www.welivesecurity.com/en/eset-research/deceptivedevelopment-targets-freelance-developers/

DeceptiveDevelopment is a 🇰🇵-aligned activity cluster. The attackers target software developers on 🪟 Windows, 🐧Linux, and 🍎 macOS, regardless of geographical location, in order to maximize profits.

The campaign primarily uses two malware families – the first, 🦫 BeaverTail, acts as a simple login stealer, extracting browser databases containing saved logins, and is a downloader for the second stage, InvisibleFerret.

InvisibleFerret is modular 🐍 Python-based malware that includes spyware and backdoor components, and is also capable of downloading the legitimate AnyDesk remote management and monitoring software for post-compromise activities.

While DeceptiveDevelopment’s toolset has already been analyzed by https://x.com/Unit42_Intel and https://x.com/GroupIB_TI, our analysis contains details that have not been publicly reported before.

You can find the IoCs in our GitHub repo:
https://github.com/eset/malware-ioc/tree/master/deceptivedevelopment