
I. Exploitation of Software Developers via Fake Job Offers and Recruiting Scams
- Fake recruiters target developers with lucrative job offers, especially in cryptocurrency.
- Scammers use platforms like LinkedIn to send messages promising high pay and flexible work.
- Victims are asked to download files or software (e.g., from Google Drive) under the pretext of preparing for interviews; the downloads contain malware such as info stealers.
- Lazarus Group (North Korean hackers) and Iranian-backed hackers are notable attackers.
- The malware targets cryptocurrency wallets for theft or installs crypto miners on junior developers' machines to generate illicit profit.
- Example: a developer known as "Top Ninja" was hacked after downloading code from a seemingly verified company called BlockNovas.

Actionable Items:
- Avoid downloading unknown repositories or software from recruiters without thorough verification.
- Be cautious of too-good-to-be-true job offers, especially in the crypto industry.
- Verify company legitimacy through official registries and online presence.

II. Threats to Open Source Software Community
- A massive influx of malicious open source packages appeared around the end of 2023, primarily in the JavaScript, Python, and Ruby ecosystems.
- Typical tricks include spoofing popular package names with slight spelling changes (typosquatting).
- Antivirus evasion and code obfuscation evolved rapidly.
- The open source community responded with stricter submission controls and multi-factor authentication, resulting in a 70% decline in malicious packages in 2024.
- Notable supply chain attack: the XZ Utils package was compromised by a trusted contributor who injected malicious code, leading to remote root access on millions of systems.
- "Package hijacking": attackers take over legitimate packages and push malicious updates targeting crypto libraries.
- Critical vulnerabilities remain in popular libraries such as Log4j, with a significant portion of downloads still being vulnerable versions.

Actionable Items:
- Maintain vigilance while adding open source dependencies.
- Use security tools to scan packages for vulnerabilities and malicious code.
- Employ multi-factor authentication and code review for package publishing.
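The typosquatting trick described above (package names that differ from a popular name by a letter or two) can be checked for mechanically before a dependency is added. The script below is an added example, not code from the talk or from WithSecure: it parses a requirements.txt-style list, normalises names the way package indexes do, and flags any name that sits within a small edit distance of a curated list of well-known packages. The popular-package list and the sample requirements are constructed for the demo; in practice the list would be built from your own lock files.

```python
"""Flag dependency names that look like typosquats of popular packages.

Added example for illustration; the popular-package list and the sample
requirements below are constructed, not taken from any real project.
"""
import re

# Constructed allow-list of well-known package names (assumption: curated
# by the organisation from its own lock files, not fetched from the index).
POPULAR_PACKAGES = {
    "requests", "numpy", "pandas", "cryptography", "boto3", "django", "flask",
}

# Constructed requirements.txt for the demo: two legitimate pins, one
# transposed-letter name, one doubled-letter name, one digit-for-letter name.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
requests==2.31.0
reqeusts==1.0.0
Django>=4.2
numpyy
crypt0graphy
boto3
djangorestframework
pandas
"""


def normalise(name):
    """PEP 503 style normalisation: case-insensitive, '-', '_' and '.' equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a, b):
    """Classic edit distance (insert / delete / substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def parse_requirements(text):
    """Yield bare project names from requirements.txt-style lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments
        if not line or line.startswith("-"):    # skip blanks and options like -r
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            yield m.group(0)


def allowed_distance(popular_name):
    """Short names need a tighter threshold or almost everything would match."""
    return 1 if len(popular_name) < 6 else 2


def suspicious_deps(text, popular=POPULAR_PACKAGES):
    """Return (declared_name, lookalike_popular_name, distance) for each near-miss.

    Exact matches (after normalisation) are legitimate and are not reported.
    """
    findings = []
    for dep in parse_requirements(text):
        name = normalise(dep)
        if name in popular:
            continue
        for known in sorted(popular):           # sorted for deterministic output
            d = levenshtein(name, known)
            if 0 < d <= allowed_distance(known):
                findings.append((dep, known, d))
                break
    return findings


if __name__ == "__main__":
    for dep, known, d in suspicious_deps(SAMPLE_REQUIREMENTS):
        print(f"suspicious: {dep!r} is {d} edit(s) from popular package {known!r}")
```

Run against the constructed file it reports `reqeusts`, `numpyy` and `crypt0graphy`, while `Django` and `djangorestframework` pass: the first because normalisation maps it onto the allow-list, the second because it is far from every listed name. A check like this is cheap enough to run in CI on every dependency change; it is a filter, not a verdict, so flagged names still need a human to confirm the intended package.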

III. Social Engineering Attacks via Knowledge Sharing and Developer Trust
- Attackers exploit developers' willingness to help by approaching them with fake project requests (e.g., a code review for a crypto project).
- Running shared files such as Docker images from unknown sources leads to system compromise, AWS credential theft, and unauthorized access.
- Example: a top developer at Safe Wallet was compromised, enabling a supply chain attack on the large crypto exchange Bybit that resulted in a loss of $1.5 billion in February 2025.

Actionable Items:
- Avoid running code or containers received unsolicited from unknown developers.
- Verify identity and legitimacy before collaborating or reviewing code.
- Monitor and secure cloud credentials and access controls.

IV. Emerging Threats Using AI and Social Media
- Recent campaigns on TikTok use AI-generated videos to lure users with fake offers (e.g., free premium Spotify).
- The video instructions encourage running terminal commands that install info stealers, compromising the users who follow them.
- These campaigns rapidly gain high views and interaction, illustrating the efficacy of modern social engineering tactics.

Actionable Items:
- Exercise caution with offers on social media, especially those that ask you to run scripts or commands.
- Educate users and developers about the risks of executing unverified code.
- Monitor online trends for emerging threats and educate communities.

V. Overall Conclusions
- Cyber attackers exploit human trust, hopes for career growth, and popular technologies like crypto and open source.
- Vigilance, education, and secure practices are essential defenses.
- Reminder: basic security wisdom (e.g., don’t trust strangers, verify everything) is still paramount.

Summary:
- Software developers are targeted through fake job offers, malware disguised in recruiting communications, and social engineering exploiting trust.
- Open source ecosystems face ongoing threats from malicious packages and supply chain attacks.
- High-profile supply chain compromises can have massive financial impacts on cryptocurrency exchanges.
- AI-driven social media scams represent a new vector for exploits targeting both developers and general users.
- Strong verification procedures, cautious behavior, multi-factor authentication, and ongoing community vigilance are key defense measures.

The kind of phishing that developers likely click


11:20 - 11:50, 27th of May (Tuesday) 2025 / DEV AI & DATA STAGE

By design, phishing makes you turn off thinking and act mindlessly. Software developers won't fall for a Nigerian Prince charming and won't transfer sums of money just because 'the CEO asked them to'. They will be social-engineered by techniques that appeal to their career paths, ways of working, or IT-community values. Hackers exploit what we trust, like, or crave at work. In this presentation we will go through notorious real-world campaigns that target developers and learn who the attackers are and what they go after.

LEVEL:
Basic Advanced Expert
TRACK:
Cybersecurity
TOPICS:
Cybersecurity FutureTrends

Tomasz Szmidt

WithSecure