ESET tracks DeceptiveDevelopment as a North Korea-aligned cluster that targets freelance software developers, especially people working on cryptocurrency and DeFi projects. Operators pose as recruiters or headhunters on job and freelancing platforms, then provide coding-test projects from private repositories or similar hosting that conceal malicious code. Running the project deploys BeaverTail as first-stage malware and can lead to InvisibleFerret, giving the operators theft and remote-access capability across Windows, Linux, and macOS. ESET links the cluster to DPRK-aligned activity through shared recruiting tradecraft, GitHub connections to North Korean IT-worker personas, and malware focused on browser, password-manager, and cryptocurrency-wallet data.