Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors
released on 2024-04-29 @ 06:38:29 PM
This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean threat actors, targeting software developers through fake job interviews. The attackers trick the developers into downloading and executing malicious Python-based RAT disguised as benign software. The report meticulously dissects the attack chain, uncovering its stages, from a malicious NPM package to command execution, payload download, and the RAT's capabilities, including system information gathering, remote command execution, data exfiltration, and keystroke logging.