Security News > 2024 > July > North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS
The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems.
DEV#POPPER is the moniker assigned to an active malware campaign that tricks software developers into downloading booby-trapped software hosted on GitHub under the guise of a job interview.
Signs that the campaign was broader and cross-platform in scope emerged earlier this month when researchers uncovered artifacts targeting both Windows and macOS that delivered an updated version of a malware called BeaverTail.
New features added to the recent samples include the use of enhanced obfuscation, AnyDesk remote monitoring and management software for persistence, and improvements to the FTP mechanism employed for data exfiltration.
The Python script acts as a conduit to run an ancillary script that's responsible for stealing sensitive information from various web browsers - Google Chrome, Opera, and Brave - across different operating systems.
"This sophisticated extension to the original DEV#POPPER campaign continues to leverage Python scripts to execute a multi-stage attack focused on exfiltrating sensitive information from victims, though now with much more robust capabilities," the researchers said.
News URL
https://thehackernews.com/2024/07/north-korea-linked-malware-targets.html
Related news
- New Linux malware is controlled through emojis sent from Discord (source)
- Clever macOS malware delivery campaign targets cryptocurrency users (source)
- New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems (source)
- Windows MSHTML zero-day used in malware attacks for over a year (source)
- Facebook ads for Windows desktop themes push info-stealing malware (source)
- North Korean Hackers Update BeaverTail Malware to Target MacOS Users (source)
- North Korea likely behind takedown of Indian crypto exchange WazirX (source)
- 0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices (source)
- US 'laptop farm' man accused of outsourcing his IT jobs to North Korea to fund weapons programs (source)