TLDR:
- Threat actors are using new social engineering tactics to attack developers by sending malicious JavaScript files disguised as part of a fake interview.
- The malware has evolved to include capabilities like persistent infection through AnyDesk and exfiltration of sensitive data via FTP.

Threat actors are using new social engineering tactics to attack developers: they masquerade as interviewers and send a ZIP file containing a malicious JavaScript file disguised as part of a fake interview. The code in the JavaScript file is obfuscated to evade detection, and it reveals a C2 address used for malicious tasks.

The malware has evolved to include capabilities like persistent infection through AnyDesk and exfiltration of sensitive data via FTP. It employs advanced obfuscation techniques and a class-based architecture to adapt dynamically to target systems and to extract credentials from various web browsers across different operating systems.