CyberSecurity news
FlagThis
@www.silentpush.com
//
North Korean hackers, identified as the Contagious Interview APT group, are running a sophisticated malware campaign targeting individuals seeking employment in the cryptocurrency sector. Silent Push threat analysts have uncovered the operation, revealing that the group, also known as Famous Chollima and a subgroup of Lazarus, is using three front companies—BlockNovas LLC, Angeloper Agency, and SoftGlide LLC—to spread malicious software. These companies are being used to lure unsuspecting job applicants into downloading malware through fake job interview opportunities, marking an evolution in the group's cyber espionage and financial gain tactics.
The campaign involves the distribution of three distinct malware strains: BeaverTail, InvisibleFerret, and OtterCookie. Job seekers are enticed with postings on various online platforms, including CryptoJobsList, CryptoTask, and Upwork. Once an application is submitted, the hackers send what appear to be legitimate interview-related files containing the malware. The attackers are also using AI-generated images to create employee profiles for these front companies, specifically using Remaker AI to fabricate realistic personas, enhancing the credibility of their fraudulent operations and making it harder for job seekers to differentiate between genuine and malicious opportunities.
The use of these front companies and AI-generated profiles signifies a new escalation in the tactics employed by Contagious Interview. The malware, once installed, allows hackers to remotely access infected computers and steal sensitive data. The campaign leverages legitimate platforms like GitHub and various job boards to further enhance its deceptive nature. Silent Push's analysis has successfully traced the malware back to specific websites and internet addresses used by the hackers, including lianxinxiao[.]com, and uncovered a hidden online dashboard monitoring suspected BeaverTail websites, providing valuable insights into the operational infrastructure of this North Korean APT group.
ImgSrc: www.silentpush.
References :
The campaign involves the distribution of three distinct malware strains: BeaverTail, InvisibleFerret, and OtterCookie. Job seekers are enticed with postings on various online platforms, including CryptoJobsList, CryptoTask, and Upwork. Once an application is submitted, the hackers send what appear to be legitimate interview-related files containing the malware. The attackers are also using AI-generated images to create employee profiles for these front companies, specifically using Remaker AI to fabricate realistic personas, enhancing the credibility of their fraudulent operations and making it harder for job seekers to differentiate between genuine and malicious opportunities.
The use of these front companies and AI-generated profiles signifies a new escalation in the tactics employed by Contagious Interview. The malware, once installed, allows hackers to remotely access infected computers and steal sensitive data. The campaign leverages legitimate platforms like GitHub and various job boards to further enhance its deceptive nature. Silent Push's analysis has successfully traced the malware back to specific websites and internet addresses used by the hackers, including lianxinxiao[.]com, and uncovered a hidden online dashboard monitoring suspected BeaverTail websites, providing valuable insights into the operational infrastructure of this North Korean APT group.
ImgSrc: www.silentpush.
Share:
References :
- hackread.com: North Korean Hackers Use Fake Crypto Firms in Job Malware Scam
- The Hacker News: North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures
- www.silentpush.com: Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware: BeaverTail, InvisibleFerret, and OtterCookie
- Anonymous ???????? :af:: Threat analysts have uncovered that North Korea's Contagious Interview APT group is using three front companies to distribute malware strains BeaverTail, InvisibleFerret, and OtterCookie through fake cryptocurrency job offers.
- www.silentpush.com: North Korean APT registers three cryptocurrency companies to infect cryptocurrency job applicants with BeaverTail, InvisibleFerret, and OtterCookie malware
- cyberpress.org: North Korean APT Contagious Interview registers three cryptocurrency companies (BlockNovas LLC, Angeloper Agency, and SoftGlide LLC) to infect cryptocurrency job applicants with BeaverTail, InvisibleFerret, and OtterCookie malware
- bsky.app: North Korean APT Contagious Interview registers three cryptocurrency companies (BlockNovas LLC, Angeloper Agency, and SoftGlide LLC) to infect cryptocurrency job applicants with BeaverTail, InvisibleFerret, and OtterCookie malware
- www.scworld.com: North Korean cyberespionage facilitated by bogus US firms, crackdown underway
- Virus Bulletin: Silent Push researchers have uncovered three cryptocurrency companies that are actually fronts for the North Korean APT group Contagious Interview. BeaverTail, InvisibleFerret & OtterCookie are being spread from this infrastructure to unsuspecting cryptocurrency job applicants.
- www.scworld.com: New Lazarus campaign hits South Korea BleepingComputer reports that at least half a dozen South Korean organizations in the finance, telecommunications, IT, and software industries have been compromised by North Korean hacking collective Lazarus Group
- Cyber Security News: North Korean threat actors are leveraging generative artificial intelligence (GenAI) technologies to systematically infiltrate remote technical roles worldwide, according to recent findings from Okta Threat Intelligence.
- PCMag UK security: Okta finds evidence that North Koreans are using a variety of AI services to upgrade their chances of fraudulently securing remote work so they can line their country's coffers or steal secrets.
- malware.news: North Korean Group Creates Fake Crypto Firms in Job Complex Scam
- www.bitdegree.org: North Korean hackers use AI and fake job offers within cryptocurrency companies to distribute malware to unsuspecting job seekers
- cyberpress.org: North Korean threat actors are leveraging generative artificial intelligence (GenAI) technologies to systematically infiltrate remote technical roles worldwide, according to recent findings from Okta Threat Intelligence.
- malware.news: North Korean threat actors are leveraging generative artificial intelligence (GenAI) technologies to systematically infiltrate remote technical roles worldwide, according to recent findings from Okta Threat Intelligence.
- securityonline.info: Threat analysts at Silent Push have uncovered a new campaign orchestrated by the North Korean state-sponsored APT group,
- securityonline.info: Threat actors are using fake companies in the cryptocurrency consulting industry to spread malware to unsuspecting job applicants.
- Cybernews: North Korean APT Contagious Interview registers three cryptocurrency companies (BlockNovas LLC, Angeloper Agency, and SoftGlide LLC) to infect cryptocurrency job applicants with BeaverTail, InvisibleFerret, and OtterCookie malware
- gbhackers.com: North Korean APT Hackers Pose as Companies to Spread Malware to Job Seekers
Classification:
- HashTags: #APT #NorthKorea #Malware
- Company: Silent Push
- Target: Cryptocurrency Sector, Job Seekers
- Attacker: Contagious Interview
- Feature: Front Companies
- Malware: BeaverTail, InvisibleFerret, OtterCookie
- Type: Malware
- Severity: Major