Discover how a North Korea-aligned activity cluster known as DeceptiveDevelopment is targeting freelance software developers, stealing their login details and draining their crypto wallets
Published on: 20 Feb 2025
Attention freelance software developers! ESET researchers have uncovered a disturbing trend where threat actors linked to North Korea pose as headhunters to distribute malware that steals your sensitive information. This campaign, known as DeceptiveDevelopment, has been active since November 2023.
The attackers use spearphishing messages on job-hunting and freelancing platforms, requesting coding tests from their targets. These tests contain malware hidden within the files, allowing the malicious actors to access victims’ login credentials and empty their cryptocurrency wallets.
Want to learn more about the tactics employed in this campaign? Watch ESET’s Chief Security Evangelist, Tony Anscombe, discuss the details in the video below. Make sure to also read the full blogpost for a comprehensive understanding.
Stay connected with us on Facebook, X, LinkedIn, and Instagram.
