"Initially detailed in February but ongoing since at least 2023, the DeceptiveDevelopment campaign targets developers associated with cryptocurrency and decentralized finance projects with fake job offers aimed at information theft and malware infection. Similar to Operation Dream Job, Contagious Interview, and ClickFake Interview, DeceptiveDevelopment relies on fake announcements on popular platforms such as LinkedIn, Upwork, Freelancer.com, and others to lure developers."
"According to ESET, these campaigns serve a secondary purpose as well: the fake recruiters harvest developer identities and hand them over to groups associated with fraudulent North Korean IT workers, which use the information to pose as job seekers and land remote work at unsuspecting companies. "To secure a real job position, they may employ several tactics, including proxy interviewing, using stolen identities, and fabricating synthetic identities with AI-driven tools," ESET notes."
DeceptiveDevelopment targets developers in cryptocurrency and decentralized finance through fake job offers posted on platforms like LinkedIn, Upwork, and Freelancer.com. Victims who engage with fake recruiters are invited to interviews and tricked into executing malware such as BeaverTail, InvisibleFerret, OtterCookie, and previously WeaselStore. Primary objectives include financial gain through stealing cryptocurrency assets or infiltrating organizations. A secondary objective involves harvesting developer identities and supplying them to groups posing as fraudulent North Korean IT workers who then use proxy interviewing, stolen identities, or AI-fabricated synthetic identities to obtain remote jobs at unsuspecting companies.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]