Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering

· Published 01/08/2024 11:01 · Modified 01/08/2024 11:31

Essential information

Tags
2024-08-01, dev#popper, social engineering
Related entities
14 observables, 1 intrusion sets (apt), 9 techniques (mitre)

Description

The intelligence report discusses an ongoing malware campaign that targets software developers through tactics such as fake job interviews. The threat actors behind this campaign have upgraded their tooling: it now supports multiple operating systems (Windows, Linux, and macOS) and carries more robust capabilities. The malware uses Python scripts to establish persistent connections, execute remote commands, exfiltrate data via FTP, log keystrokes and clipboard contents, and deploy additional payloads. New functionality includes enhanced obfuscation, extended FTP capabilities, multi-OS support, and post-exploitation scripts for browser credential theft. The report analyses the malware's tactics, techniques, and procedures (TTPs) and gives recommendations for prevention and detection.

External references