Phony job propositions target software developers with data stealers

AndyC 3 March 2025

A group of activities seemingly linked to North Korea and monitored by ESET under the name DeceptiveDevelopment is siphoning funds from victims’ digital wallets and pilfering their access cred

Fake job offers target software developers with infostealers

A group of activities seemingly linked to North Korea and monitored by ESET under the name DeceptiveDevelopment is siphoning funds from victims’ digital wallets and pilfering their access credentials from internet browsers and password storage tools

Editor

20 Feb 2025

Researchers from ESET have detected a deceitful scheme in which threat actors aligned with North Korea, posing as recruitment specialists, are aiming at independent software developers with information-stealing malicious software.

The operations, dubbed as DeceptiveDevelopment and dating back to at least November 2023, involve targeted phishing messages circulated on platforms for job searches and freelancing, urging the recipients to complete a programming evaluation. The required files for the assignment are generally stored on restricted repositories like GitHub. Unfortunately, these files contain malware that ultimately enables the attackers to abscond with the victims’ access credentials and empty their digital currency wallets.

For a deeper insight into the strategies, methods, and practices of this campaign, watch the video featuring ESET’s Chief Security Evangelist Tony Anscombe and ensure to peruse the entire blogpost.

Engage with us on Facebook, XLinkedIn and Instagram.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

ESET Threat Report H2 2025

ESET Threat Report H2 2025

AndyC 17 December 2025
Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025
Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025
Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025
Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025
Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025

You may have missed

The 12 Months of Innovation: How Salt Security Helped Rewrite API & AI Security in 2025

Google Chrome Extension is Intercepting Millions of Users’ AI Chats

AndyC 18 December 2025
The 12 Months of Innovation: How Salt Security Helped Rewrite API & AI Security in 2025

How Passkeys Work (Explained Simply)

AndyC 18 December 2025
Server revenue hits record in Q3

Merriam-Webster names “slop” the word of the year 2025

AndyC 18 December 2025
Blog-9-300x200-1.jpg

Why “Strong Passwords” Aren’t Enough Anymore—and What to Do Instead

AndyC 18 December 2025
Askul data breach exposed over 700,000 records after ransomware attack

Askul data breach exposed over 700,000 records after ransomware attack

AndyC 18 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.