Security News > 2024 > July > North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS

The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems.

DEV#POPPER is the moniker assigned to an active malware campaign that tricks software developers into downloading booby-trapped software hosted on GitHub under the guise of a job interview.

Signs that the campaign was broader and cross-platform in scope emerged earlier this month when researchers uncovered artifacts targeting both Windows and macOS that delivered an updated version of a malware called BeaverTail.

New features added to the recent samples include the use of enhanced obfuscation, AnyDesk remote monitoring and management software for persistence, and improvements to the FTP mechanism employed for data exfiltration.

The Python script acts as a conduit to run an ancillary script that's responsible for stealing sensitive information from various web browsers - Google Chrome, Opera, and Brave - across different operating systems.

"This sophisticated extension to the original DEV#POPPER campaign continues to leverage Python scripts to execute a multi-stage attack focused on exfiltrating sensitive information from victims, though now with much more robust capabilities," the researchers said.

News URL

https://thehackernews.com/2024/07/north-korea-linked-malware-targets.html