The threat actor behind CL-STA-0240 contacts software developers through job search platforms by posing as a prospective employer, attempting to lure victims into malware infections.
The first stage of infection involves the BeaverTail downloader, designed to target both Windows and macOS platforms, acting as a conduit for the Python-based InvisibleFerret backdoor.
Despite public disclosure, evidence suggests that the campaign continues to succeed by enticing software developers into executing malicious code disguised as a coding assignment.
The bogus application is developed using Qt, facilitating cross-compilation for both platforms, enabling BeaverTail to steal browser passwords and data from cryptocurrency wallets.
Collection
[
|
...
]