Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering

Aug. 1, 2024, 11:31 a.m.

Description

This intelligence report covers an ongoing malware campaign that targets software developers through social engineering, most notably fake job interviews. The threat actors have since retooled: the malware now runs on Windows, Linux, and macOS and carries more robust capabilities. Its Python scripts establish a persistent connection to the operators, execute remote commands, exfiltrate data over FTP, log keystrokes and clipboard contents, and stage additional payloads. New in this iteration are heavier obfuscation, extended FTP functionality, the multi-OS support, and post-exploitation scripts that harvest browser credentials. The report walks through the campaign's tactics, techniques, and procedures (TTPs) and closes with recommendations for prevention and detection.

Date

  • Created: Aug. 1, 2024, 11:01 a.m.
  • Published: Aug. 1, 2024, 11:01 a.m.
  • Modified: Aug. 1, 2024, 11:31 a.m.

Indicators

  • eff2a9fca46425063dca080466427353dc52ac225d9df7c1ef0ec8ba49109b71
  • bc4a082e2b999d18ef2d7de1948b2bfd9758072f5945e08798f47827686621f2
  • 63238b8d083553a8341bf6599d3d601fbf06708792642ad513b5e03d5e770e9b
  • b31f5bde1bdbc2dfd453b91bab2e9be0becec555ee6edd70744c77f2ad15d18c
  • 6263b94884726751bf4de6f1a4dc309fb19f29b53cce0d5ec521a6c0f5119264
  • 2d10b48454537a8977affde99f6edcbb7cd6016d3683f9c28a4ec01b127f64d8
  • 0639d8eaad9df842d6f358831b0d4c654ec4d9ebec037ab5defa240060956925
  • 77.37.37.81
  • 67.203.7.171
  • 67.203.123.171
  • http://de.ztec.store:8000
  • http://de.ztec.store:8000/www/run.xn--py-02t
  • http://67.203.7.171:1244/keys
  • de.ztec.store
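
The indicators above are only useful once they are swept across your own telemetry. The following is an added example, not code from the report or its authors: it loads the listed SHA-256 hashes, IPs, domain, and URLs and runs them over a handful of constructed proxy, DNS, and EDR log lines in a simple key=value format (the log format, the field names src/dst/url/dns/sha256, and the sample lines are all assumptions for this example). Hash matching is case-insensitive, domain matching covers subdomains of de.ztec.store, and URL matching tries the exact URL first (the xn-- encoded path segment is kept verbatim, so it only hits when the log source records it in that form) and falls back to the host or IP.

```python
"""IOC sweep over constructed log lines (added example, not from the report)."""
import re
from urllib.parse import urlsplit

# Indicators copied verbatim from the report's Indicators list.
IOC_SHA256 = {
    "eff2a9fca46425063dca080466427353dc52ac225d9df7c1ef0ec8ba49109b71",
    "bc4a082e2b999d18ef2d7de1948b2bfd9758072f5945e08798f47827686621f2",
    "63238b8d083553a8341bf6599d3d601fbf06708792642ad513b5e03d5e770e9b",
    "b31f5bde1bdbc2dfd453b91bab2e9be0becec555ee6edd70744c77f2ad15d18c",
    "6263b94884726751bf4de6f1a4dc309fb19f29b53cce0d5ec521a6c0f5119264",
    "2d10b48454537a8977affde99f6edcbb7cd6016d3683f9c28a4ec01b127f64d8",
    "0639d8eaad9df842d6f358831b0d4c654ec4d9ebec037ab5defa240060956925",
}
IOC_IPS = {"77.37.37.81", "67.203.7.171", "67.203.123.171"}
IOC_DOMAINS = {"de.ztec.store"}
IOC_URLS = {
    "http://de.ztec.store:8000",
    "http://de.ztec.store:8000/www/run.xn--py-02t",
    "http://67.203.7.171:1244/keys",
}

# Constructed sample logs (assumed key=value format; not real telemetry).
SAMPLE_LOGS = [
    "2024-07-30T09:58:11Z proxy src=10.20.0.14 dst=198.51.100.7 url=https://example.org/",
    "2024-07-30T10:01:02Z dns src=10.20.0.14 dns=de.ztec.store",
    "2024-07-30T10:01:03Z proxy src=10.20.0.14 dst=67.203.7.171 url=http://67.203.7.171:1244/keys",
    "2024-07-30T10:01:09Z edr host=dev-laptop-07 sha256=EFF2A9FCA46425063DCA080466427353DC52AC225D9DF7C1EF0EC8BA49109B71 path=/home/dev/Downloads/task.py",
    "2024-07-30T10:02:00Z proxy src=10.20.0.22 dst=203.0.113.9 url=http://cdn.example.net/lib.js",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_kv(line):
    """Parse 'key=value' pairs; values have no quoting in this toy format."""
    return dict(KV_RE.findall(line))


def domain_hit(host):
    """Exact or subdomain match against IOC_DOMAINS, case-insensitive, trailing dot tolerated."""
    host = host.lower().rstrip(".")
    return next((d for d in IOC_DOMAINS if host == d or host.endswith("." + d)), None)


def url_hit(url):
    """Return (kind, indicator) for a URL: exact URL first, then its IP or domain."""
    norm = url.strip().rstrip("/")  # 'http://de.ztec.store:8000/' == 'http://de.ztec.store:8000'
    if norm in IOC_URLS:
        return ("url", norm)
    host = (urlsplit(url).hostname or "").lower()
    if host in IOC_IPS:
        return ("ip", host)
    d = domain_hit(host)
    if d:
        return ("domain", d)
    return None


def scan_line(line):
    """Check one log line against every indicator class it carries."""
    kv = parse_kv(line)
    hits = []
    h = kv.get("sha256", "").lower()
    if h in IOC_SHA256:
        hits.append(("sha256", h))
    for key in ("dst", "src"):
        if kv.get(key) in IOC_IPS:
            hits.append(("ip", kv[key]))
    if "dns" in kv:
        d = domain_hit(kv["dns"])
        if d:
            hits.append(("domain", d))
    if "url" in kv:
        u = url_hit(kv["url"])
        if u:
            hits.append(u)
    return hits


def scan_logs(lines):
    """Return [(line_number, kind, indicator), ...] for every match, in log order."""
    return [(n, kind, ioc) for n, line in enumerate(lines, 1) for kind, ioc in scan_line(line)]


if __name__ == "__main__":
    for n, kind, ioc in scan_logs(SAMPLE_LOGS):
        print(f"line {n}: {kind} {ioc}")
```

A line can produce more than one hit (line 3 above matches both the destination IP and the exact URL); keep both, since the URL hit is the higher-confidence one and the IP hit is what you will see once the path changes. Feed the same functions from your real proxy/DNS/EDR exports by adapting parse_kv to that format.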

Attack Patterns