A North Korean threat actor dubbed “DeceptiveDevelopment” is using various social engineering techniques to target job seekers, according to researchers at ESET. The group uses data stolen in this operation to support North Korea’s fraudulent IT worker operations.
“DeceptiveDevelopment operators use various methods to compromise their victims, relying on clever social engineering tricks,” the researchers write. “Via both fake and hijacked profiles, they pose as recruiters on platforms like LinkedIn, Upwork, Freelancer, and Crypto Jobs List. They offer fake lucrative job opportunities to attract their targets’ interest. Victims are requested to participate in a coding challenge or a pre-interview task.
“The task involves downloading a project from private GitHub, GitLab, or Bitbucket repositories. These repositories contain trojanized code, often hidden cleverly in long comments displayed well beyond the right-hand edge of a code browser or editor window. Participation in the task triggers the execution of BeaverTail, the first-stage malware.”
The threat actors also use the ClickFix social engineering tactic, in which the user is tricked into copying and pasting a malicious command into their computer’s terminal.
“The attackers direct the victim to a fake job interview website, containing an application form that they are asked to complete,” ESET explains. “The application form contains a few lengthy questions related to the applicant’s identity and qualifications, leading the victim to put significant time and effort into filling in the form and making them feel like they are almost done, and therefore more likely to fall for the trap.
“In the final step of the application, the victim is asked to record a video of them answering the final question. The site triggers a pop-up asking the victim to allow camera access, but the camera is never actually accessed. Instead, an error message appears saying that access to the camera or microphone is currently blocked and offers a ‘How to fix’ link. That link leads to a pop-up employing the ClickFix social engineering technique.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
ESET has the story.
Here's how it works:
