A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains digital assets from victims’ crypto wallets and steals their login credentials from web browsers and password managers
20 Feb 2025
Researchers at ESET have uncovered a deceptive scheme in which threat actors linked to North Korea, posing as recruiters, target independent software developers with information-stealing malware.
The operations, dubbed DeceptiveDevelopment and dating back to at least November 2023, involve targeted phishing messages sent on job-hunting and freelancing platforms that instruct victims to complete a coding assessment. The files needed for the task are often hosted in private repositories on platforms like GitHub. These files carry malware that lets the attackers steal the victims' login credentials and drain their cryptocurrency holdings.
Want to dig deeper into the tactics, techniques, and procedures of this campaign? Hear from ESET’s Chief Security Evangelist Tony Anscombe in the video, and don’t miss the full blogpost.

