DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception
ID: 878e7a3a-e419-5d1c-bd22-b136b1cb2751
STIX ID: report--878e7a3a-e419-5d1c-bd22-b136b1cb2751
Feed Name: WeLiveSecurity (ESET Research)
This ESET blogpost summarizes a white paper on DeceptiveDevelopment, a North Korea‑aligned threat actor that uses fake recruiter profiles and ClickFix social engineering to deliver cross‑platform infostealers and RATs (BeaverTail, InvisibleFerret, WeaselStore, TsunamiKit, Tropidoor, AkdoorTea). It details the group's tactics, malware execution chains, infrastructure and OSINT linking to North Korean IT worker (WageMole) fraud-for-hire campaigns, and provides extensive IoCs and a MITRE ATT&CK mapping for defenders.
