Dark
Light

DEV#POPPER: New Social Engineering Tactics to Target Developers

1 min read
55 views



TLDR:

  • Threat actors are using new social engineering tactics to attack developers by sending malicious JavaScript files disguised as part of a fake interview.
  • The malware has evolved to include capabilities like persistent infection through Anydesk and exfiltration of sensitive data via FTP.

Threat actors are using new social engineering tactics to attack developers by masquerading as interviewers and sending a ZIP file containing a malicious JavaScript file disguised as part of a fake interview. The code in the JavaScript file is obfuscated to evade detection and reveals a C2 address for malicious tasks.

The malware has evolved to include capabilities like persistent infection through Anydesk and exfiltration of sensitive data via FTP. It employs advanced obfuscation techniques and class-based architecture to dynamically adapt to target systems and extract browser credentials from various web browsers across different operating systems.


Previous Story

Boosting women’s presence in the cybersecurity field

Next Story

Senate Committee approves bipartisan bill for federal cybersecurity regulations harmonization

Latest from News