Threat instead of a vacancy: a new spy program is aimed at developers

< img src = "/uploads/blogs/cc/f1/ib-FQDHMIOK5_EF7B2715.jpg" Alt = "Threat Instead of vacancies: New spy program is aimed at developers"/> ~ ~ ~ ~ < P > ESET has found the spread of spy malicious software under the guise of false vacancies. Harmful activity is aimed at frylanters to steal cryptocurrency wallet data, as well as accounting information from browsers and password managers.

< p >In particular, the cybercriminals, when recruiting from hiring in an IT company, sent candidates files with spying malicious software under the guise of test projects. For this, the attackers used platforms such as LinkedIn, Upwork, Freelaner.com, We Work Remotely, Moonlight and Crypto Jobs List. ~ ~ < p > The activity of the attackers has no geographical patterns in the choice of victims, but they seek to compromise as many devices as possible to increase the likelihood of successful theft of funds and information.

~ < p >< i > “< i > in 0 > i > & nbsp; Frames Fake 0 > 62 ~ 0 > I > & nbsp; interviews & nbsp; 62 ~ i > cybercrimini & nbsp; 62 ~ i > ask & nbsp; 62 ~ ~ i > potential victims < i > & nbsp; pass the test 62 ~ i ~ i > Task < i > & nbsp; from encoding, for example, add a feature to an existing About < i > is 0 > 62 ~ CTU 62 > I > 60 ~/i >< i >& nbsp; thus required for the task files are usually placed in private repositories on github or other similar platforms. & nbsp; 0 ~ i ~ i > C < i > and 0 ~ ~ i > & nbsp; files are actually Trojans < i >: & nbsp; 62 ~ ~ i > after & nbsp; < /i >< i > Download 0 > i > amp; nbsp; 62 > i > and Complete < i > amp; nbsp; 62 ~ i ~ I > Project 0 > I > in < i >, Compl & Rsquo; Victim Uuter becomes compromised ”, & nbsp; & ndash; ndash; explains Maei Khavranek, researcher ESET.

~ ~ ~ ~ > 62 ~ < p > This activity is that ESET researchers have named Deceptivedevelpment, PV & Rsquo; Rsquo; Deceptivedevelpment is mainly aimed at software developers for Windows, Linux and MacOS. The attackers are engaged in cryptocurrency theft first of all & nbsp; < b > for financial benefit ~, as well as with possible & nbsp; < b > secondary purpose of cyberbushing 60 ~/p > ~ > 62 > 62 > 62 > 62 > 62 < P > To gain themselves as recruiters, malefactors copy existing profiles, create fake personalities or use broken real people accounts. Then they either directly turn to potential victims on platforms to find work and freelance, or place fake vacancies there.

< P > DECEPTIVEDEVELOPment malefactors mainly use two families of harmful programs as part of their activities and use them in two stages. The first stage uses Beavertail, which works as a simple login theft and receives browser databases containing saved credentials. For the second stage & nbsp; Nbsp; InvisibleFerret is used, which includes spy software and Becdora components, as well as capable of downloading legitimate Anydesk software for remote control and monitoring after a device compromise.

< i > “Deceptivedevelpment is a supplement to already large 62 > i ~ 62 60 ~ i > Schemes earning money, & nbsp; 0 ~ ~ i > which 0 ~ ~ i > & nbsp; use stored < i > & nbsp; cybercrimini 0 ~ ~ i >, linked; rsquo; ~ 62 ~ i > and 62 ~ i > & nbsp; corresponds to a constant trend of shift of attention from traditional money on cryptocurrencies “, & nbsp;- summarizes Maei Havrantek, researcher ESET.

~