The test task turned out to be a hack.
In recent months, a new campaign by North Korean hackers has emerged. The DEV#POPPER campaign targets software developers, with victims in South Korea, North America, Europe, and the Middle East. Securonix specialists described the operation.
The hackers use social engineering, posing as employers and asking developers to download malware from GitHub under the guise of a test task. The malware is an updated version of BeaverTail and runs on Windows, Linux, and macOS.
The campaign shares features with another well-known attack, Contagious Interview, which targets Windows and macOS. The updated version of BeaverTail uses obfuscation techniques and is distributed in a ZIP archive containing an npm module.
After installation, the malware (via the npm module) detects the operating system and contacts a remote server to exfiltrate data. It can also download an additional Python backdoor called InvisibleFerret, which collects system data and cookies, executes commands, uploads and downloads files, and records keystrokes and clipboard contents.
Recent versions have improved obfuscation and use AnyDesk for remote monitoring and persistence, and the FTP mechanism used for data exfiltration has been improved. The Python script also serves as a channel for running an auxiliary script that steals confidential information from several web browsers: Google Chrome, Opera, and Brave.
To protect yourself, critically evaluate any offers and files related to interviews, and always verify the authenticity of the source before installing software, even if it seems legitimate.
Source
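One way to act on the advice above before running `npm install` on an interview "test task": the added example below (not from the original post or from Securonix) reads a ZIP archive in memory, without extracting or executing anything, and reports npm lifecycle hooks and JavaScript files with very long lines. The hook list and the line-length threshold are generic triage heuristics assumed here, not indicators from the report, and the sample archive is constructed.

```python
import io
import json
import zipfile

# Generic triage heuristics (assumptions, not indicators from the Securonix report).
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
LONG_LINE = 2000  # a single JS line this long usually means packed or obfuscated code


def triage_zip(data: bytes) -> list[str]:
    """Return findings for an npm project ZIP, reading entries in memory only."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or info.file_size > 5_000_000:
                continue  # skip directories and files too large to be source code
            if name.rsplit("/", 1)[-1] == "package.json":
                try:
                    manifest = json.loads(zf.read(info))
                except ValueError:  # covers bad JSON and bad UTF-8
                    findings.append(f"{name}: unparseable manifest")
                    continue
                scripts = manifest.get("scripts") if isinstance(manifest, dict) else None
                if not isinstance(scripts, dict):
                    scripts = {}
                for hook in LIFECYCLE_HOOKS:
                    if hook in scripts:  # npm runs these automatically on install
                        findings.append(f"{name}: {hook} runs `{scripts[hook]}`")
            elif name.endswith((".js", ".cjs", ".mjs")):
                text = zf.read(info).decode("utf-8", errors="replace")
                longest = max((len(line) for line in text.splitlines()), default=0)
                if longest >= LONG_LINE:
                    findings.append(f"{name}: {longest}-char line, possible obfuscation")
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; file names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("task/package.json", json.dumps({"name": "test-task", "scripts": {
            "postinstall": "node server/setup.js", "start": "node index.js"}}))
        zf.writestr("task/server/setup.js", "var _0x=" + "'a'+" * 1000 + "'a';\n")
        zf.writestr("task/index.js", "console.log('hello');\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

An empty result does not mean the archive is safe; the check only surfaces two things worth reading by hand before any code from the archive is run.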