Intrusions involved the posting of fake job opportunities on job-hunting platforms LinkedIn, Upwork, Moonlight, and others aimed at luring developers into downloading a malicious software project including the BeaverTail information-stealing malware that eventually deploys the InvisibleFerret spyware to enable not only cryptocurrency wallet and credential compromise but also additional malicious tool injections, according to an analysis from ESET.
Further examination showed the campaign’s usage of two BeaverTail iterations for browser data exfiltration, as well as InvisibleFerret’s support for shell command execution, keylogger theft, clipboard data pilfering, and additional module delivery.”The DeceptiveDevelopment cluster is an addition to an already large collection of money-making schemes employed by North Korea-aligned actors and conforms to an ongoing trend of shifting focus from traditional money to cryptocurrencies,” said ESET.
