{"id":13134,"date":"2025-01-27T14:28:03","date_gmt":"2025-01-27T21:28:03","guid":{"rendered":"https:\/\/mattfife.com\/?p=13134"},"modified":"2025-01-04T14:40:51","modified_gmt":"2025-01-04T21:40:51","slug":"more-hacking-attacks-on-developers","status":"publish","type":"post","link":"https:\/\/mattfife.com\/?p=13134","title":{"rendered":"More Hacking attacks on Developers"},"content":{"rendered":"\n<p>A new campaign tracked as \u201cDev Popper\u201d is a sophisticated, multi-stage infection chain based on social engineering. Attackers target software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"512\" height=\"768\" data-attachment-id=\"13135\" data-permalink=\"https:\/\/mattfife.com\/?attachment_id=13135\" data-orig-file=\"https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/01\/00027-455084247.png?fit=512%2C768&amp;ssl=1\" data-orig-size=\"512,768\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"00027-455084247\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/01\/00027-455084247.png?fit=512%2C768&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/01\/00027-455084247.png?resize=512%2C768&#038;ssl=1\" alt=\"\" class=\"wp-image-13135\" style=\"width:422px;height:auto\" srcset=\"https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/01\/00027-455084247.png?w=512&amp;ssl=1 512w, https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/01\/00027-455084247.png?resize=200%2C300&amp;ssl=1 200w, https:\/\/i0.wp.com\/mattfife.com\/wp-content\/themes\/mattTheme\/headerimgs\/2025\/01\/00027-455084247.png?resize=180%2C270&amp;ssl=1 180w\" sizes=\"auto, (max-width: 512px) 100vw, 512px\" \/><\/figure>\n<\/div>\n\n\n<p>The target developers are asked to perform\u00a0tasks supposedly related to the interview by downloading and running code for the interview. The code is infected with obfuscated code\/packages that downloads additional binaries that complete the infection. The threat actor&#8217;s goal is make their targets\u00a0download malicious software that gathers system information and enables remote access to the host.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.securonix.com\/blog\/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors\/\" data-type=\"link\" data-id=\"https:\/\/www.securonix.com\/blog\/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors\/\">According to Securonix analys of Dev Popper<\/a>, the campaign is likely orchestrated by North Korean threat actors based on the observed tactics. The connections are not strong enough for attribution, though.<\/p>\n\n\n\n<p>Articles:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fake-job-interviews-target-developers-with-new-python-backdoor\/amp\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/fake-job-interviews-target-developers-with-new-python-backdoor\/amp\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.securonix.com\/blog\/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors\/\">https:\/\/www.securonix.com\/blog\/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors\/<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>A new campaign tracked as \u201cDev Popper\u201d is a sophisticated, multi-stage infection chain based on social engineering. Attackers target software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan. The target developers are asked to perform\u00a0tasks supposedly related to the interview by downloading and running code for the interview. The code is infected with obfuscated code\/packages that downloads additional binaries that complete the infection. The threat actor&#8217;s goal is make their&#8230;<\/p>\n<p class=\"read-more\"><a class=\"btn btn-default\" href=\"https:\/\/mattfife.com\/?p=13134\"> Read More<span class=\"screen-reader-text\">  Read More<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[9],"tags":[],"class_list":["post-13134","post","type-post","status-publish","format-standard","hentry","category-cool"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4WECr-3pQ","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/mattfife.com\/index.php?rest_route=\/wp\/v2\/posts\/13134","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mattfife.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mattfife.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mattfife.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mattfife.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13134"}],"version-history":[{"count":1,"href":"https:\/\/mattfife.com\/index.php?rest_route=\/wp\/v2\/posts\/13134\/revisions"}],"predecessor-version":[{"id":13136,"href":"https:\/\/mattfife.com\/index.php?rest_route=\/wp\/v2\/posts\/13134\/revisions\/13136"}],"wp:attachment":[{"href":"https:\/\/mattfife.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mattfife.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mattfife.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}