Malicious Ads Target Freelance Developers via GitHub

Feb. 20, 2025

A new malware campaign targeting freelance developers has been using deceptive job advertisements to trick them into downloading malicious software disguised as legitimate tools.

The campaign primarily spreads through GitHub repositories and relies on freelancers’ eagerness to secure remote work opportunities.

The attackers pose as reputable companies, offering freelance developers attractive job opportunities. To make their deception convincing, they set up fake websites and distribute malicious software under the guise of professional development tools.

Once downloaded, the malware can compromise the victim’s system, allowing attackers to steal credentials or install additional payloads.

ESET researchers have linked the campaign to a threat actor they call “DeceptiveDevelopment.” The group specializes in targeting freelance platforms and coding communities to spread malware. Victims are often directed to GitHub, where malicious repositories host tools laden with hidden threats.

“DeceptiveDevelopment was first publicly described by Phylum and Unit 42 in 2023 and has already been partially documented under the names Contagious Interview and DEV#POPPER,” ESET wrote.

“We have conducted further analysis of this activity cluster and its operator’s initial access methods, network infrastructure, and toolset, including new versions of the two malware families used by DeceptiveDevelopment – InvisibleFerret and […] BeaverTail.”
