North Korean hackers steal cryptocurrency from freelancers, including Ukrainian

< IMG SRC = "/Uploads/Blogs/78/EA/IB-FIC7SBCT_E0481C8B.jpg" Alt = "North Korean Hackers steal cryptocurrencies from freelancers, including Ukrainian"/~ 62 < p > North Korea hackers, under the guise of recruiters, targeted their attacks on Frilen's developers. About it with reference to the research of ESET writes Ukrainian IT media dev.ua, informs the Ukrainian merchant.

< P > most affected during 2024 as a result of malicious activity, called Deceptivedevelpment, freelancers from the United States, Canada and some European countries.

> < p >< strng > to which actions are the attackers 0 ~/p > < p >Hackers are in recruiters on social networks to target friders, especially those who work in cryptocurrency projects. The main purpose of attacks is to steal cryptocurrency, probably in order to increase North Korea's profit.

< p > malefactors copy or create images of recruiters and and & Rsquo; pursued with developers through platforms for job search such as Linkedin, Upwork and Freilaner.com, We Work Remotely, Moonlight and Cry. employment if they will pass the coding test.

< P > Test files are placed in private repositories on GitHub or similar platform, and when they are loaded, the malicious software of Beavertail is unfolding.

< p >Hackers often copy the goals of the projects without making any changes except for adding their malicious software and rewriting the Readme file. Usually hackers try to hide the harmful code somewhere in the project so that it does not cause suspicion or be easily noticeable, for example, in the internal code in the form of one line on a comment that displaces it outside the screen.

< P > Beavertail attaches browser databases for theft of credentials, as well as downloads the second stage of the campaign, InvisibleFerret, which acts as a backing, which allows the malefactor to install software for remote control of Anydesk for additional activity after compromise. /p > < p > attacks are exposed to Windows, Mac and Linux around the world. The target became both young and experienced developers.

< p > & laquo; we only observed conversations between attackers and victims of English, but we cannot confidently say that they will not use translation means to communicate with victims of other languages ​​& raquo; & ndash; Note the researchers of ESET.

< p > Another way they observed was that fake recruiter invited the victim to interview with an online conference platform and provided a link to the website from which the necessary software could be downloaded conferences. This website is usually a clone of the existing platform for conferences, and downloaded software contains the first stage of harmful software.