North Korea-linked threat actors have targeted Windows, macOS, and Linux systems with novel malware and attack techniques as part of an expanded, active DEV#POPPER malware campaign discovered earlier this month, The Hacker News reports.
The new DEV#POPPER attacks used interview lures aimed at developers to distribute a ZIP archive file which, when executed, triggers the BeaverTail malware, an analysis from Securonix revealed. BeaverTail not only identifies the targeted device's operating system but also facilitates the delivery of the data-exfiltrating InvisibleFerret backdoor and other next-stage payloads. The recent intrusions also leveraged additional obfuscation and persistence techniques and resulted in the theft of sensitive browser-stored data, researchers reported. "This sophisticated extension to the original DEV#POPPER campaign continues to leverage Python scripts to execute a multi-stage attack focused on exfiltrating sensitive information from victims, though now with much more robust capabilities," the researchers said.