Security News > 2024 > July > North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS

The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems.
DEV#POPPER is the moniker assigned to an active malware campaign that tricks software developers into downloading booby-trapped software hosted on GitHub under the guise of a job interview.
Signs that the campaign was broader and cross-platform in scope emerged earlier this month when researchers uncovered artifacts targeting both Windows and macOS that delivered an updated version of a malware called BeaverTail.
New features added to the recent samples include the use of enhanced obfuscation, AnyDesk remote monitoring and management software for persistence, and improvements to the FTP mechanism employed for data exfiltration.
The Python script acts as a conduit to run an ancillary script that's responsible for stealing sensitive information from various web browsers - Google Chrome, Opera, and Brave - across different operating systems.
"This sophisticated extension to the original DEV#POPPER campaign continues to leverage Python scripts to execute a multi-stage attack focused on exfiltrating sensitive information from victims, though now with much more robust capabilities," the researchers said.
News URL
https://thehackernews.com/2024/07/north-korea-linked-malware-targets.html
Related news
- Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems (source)
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems (source)
- Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet (source)
- FBI officially fingers North Korea for $1.5B Bybit crypto-burglary (source)
- $1.5B Bybit Hack is Linked to North Korea, FBI Says, in Potentially the Largest Crypto Heist Ever (source)
- China, Russia, Iran, and North Korea Intelligence Sharing (source)
- Steam pulls game demo infecting Windows with info-stealing malware (source)
- U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)