A new malware campaign is targeting freelance developers by using fake job advertisements to lure them into downloading malicious software disguised as legitimate tools.

The campaign mainly spreads through GitHub repositories. The attackers impersonate reputable companies and offer enticing job opportunities to freelance developers. To make their scam more believable, they create fake websites and prompt job seekers to download malware-laden software disguised as legitimate development tools.

Once downloaded, the malware infiltrates the victim’s system and allows the attackers to steal credentials or install additional malicious payloads.

ESET researchers say the malware gathers sensitive information, such as saved login credentials, and can remotely deploy additional malicious payloads. The malware also uses various techniques to evade detection on compromised systems, the researchers add.

ESET believes the group behind the campaign is a threat group named “DeceptiveDevelopment.” This group targets freelance platforms and coding communities to distribute malware, and its victims are often directed to malicious GitHub repositories.

“DeceptiveDevelopment was first publicly described by Phylum and Unit 42 in 2023 and has already been partially documented under the names Contagious Interview and DEV#POPPER,” ESET says in a report.

“The DeceptiveDevelopment cluster is an addition to an already large collection of money-making schemes employed by North Korea-aligned actors and conforms to an ongoing trend of shifting focus from traditional money to cryptocurrencies,” ESET explains. “We observed it go from primitive tools and techniques to more advanced and capable malware, as well as more polished techniques to lure in victims and deploy the malware.

“Any online job-hunting and freelancing platform can be at risk of being abused for malware distribution by fake recruiters.”

Developers should be very cautious when applying for freelance opportunities online and make sure to verify job offers by researching potential employers. It’s also best to avoid downloads from unknown GitHub repositories — and if you’re not too familiar with the signs of potential malware, for an added layer of protection, you should consider getting strong antivirus software.