North Korean cybercriminals launched a phishing campaign earlier this year targeting software developers at nearly 100 organizations, exploiting widely used coding tools to steal virtual funds and login credentials with little to no user interaction.

The U.S. cybersecurity firm Proofpoint, which tracked the campaign between April and May, said targets spanned cryptocurrency, finance, technology, education and business services sectors…