According to TechRadar , cybersecurity experts from ESET have discovered a new campaign called DeceptiveDevelopment from hacker groups believed to be from North Korea. These groups will impersonate recruiters on social networks to approach freelance programmers, especially those working on projects related to cryptocurrencies.
The demand for freelance programmers is increasing, but it also comes with security risks when hackers take advantage of recruitment platforms to spread malware.
The main goal of this campaign is to steal cryptocurrency, hackers will copy or create fake profiles of employers and contact programmers through recruitment platforms such as LinkedIn, Upwork, or Freelancer.com. They will invite programmers to take a programming skills test as a condition of being hired.
These tests typically revolve around cryptocurrency projects, blockchain-based games, or cryptocurrency gambling platforms. The test files are stored on private repositories like GitHub. When the victim downloads and runs the project, a malware called BeaverTail is activated.
Hackers typically don't make many changes to the original project's source code, but instead add malicious code in hard-to-detect locations, such as in the backend or hidden in comments. When executed, BeaverTail attempts to exfiltrate data from the browser to steal login credentials, and also downloads a second piece of malware called InvisibleFerret, which acts as a backdoor, allowing the attacker to install AnyDesk, a remote management tool that can perform additional operations after the intrusion.
The attack campaign can affect users on Windows, macOS, and Linux operating systems. Experts have recorded victims worldwide, ranging from novice programmers to seasoned professionals. The DeceptiveDevelopment campaign has many similarities to Operation DreamJob, an earlier campaign by hackers targeting aerospace and defense industry employees to steal confidential information.
Source: https://thanhnien.vn/lap-trinh-vien-tu-do-tro-thanh-muc-tieu-cua-tin-tac-185250221233033942.htm
![[Photo] General Secretary To Lam meets former British Prime Minister Tony Blair](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/30/1761821573624_tbt-tl1-jpg.webp)
![[Photo] The Third Patriotic Emulation Congress of the Central Internal Affairs Commission](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/30/1761831176178_dh-thi-dua-yeu-nuoc-5076-2710-jpg.webp)
![[Photo] General Secretary To Lam attends the Vietnam-UK High-Level Economic Conference](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/30/1761825773922_anh-1-3371-jpg.webp)
![[Photo] Touching scene of thousands of people saving the embankment from the raging water](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/30/1761825173837_ndo_br_ho-de-3-jpg.webp)
![[Photo] National Assembly Chairman Tran Thanh Man receives foreign ambassadors who came to say goodbye](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/30/1761820977744_ndo_br_1-jpg.webp)
Comment (0)