DeceptiveDevelopment targets freelance developers

DeceptiveDevelopment, a North Korea-aligned activity cluster, targets freelance software developers, particularly those involved in cryptocurrency projects. The attackers use fake recruiter profiles on job-hunting and freelancing sites to send trojanized codebases, disguised as job challenges or bug fixes, containing infostealer malware like BeaverTail and InvisibleFerret. The malware aims to steal cryptocurrency wallets and login information from browsers and password managers.