CyberSecurity updates
2024-12-28 16:05:18 Pacific

North Korean Hackers Deploy OtterCookie Malware - 14h
Read more: securityonline.info

North Korean threat actors are actively deploying a new malware called OtterCookie as part of their ongoing Contagious Interview campaign. This campaign uses social engineering tactics, with hackers posing as recruiters to lure developers into downloading malware disguised as part of the interview process. The malware is delivered through malicious files such as Node.js projects, npm packages, and applications built on Qt or Electron. These infected files are often found on platforms like GitHub and Bitbucket. Once activated, OtterCookie establishes communication with a command-and-control server.

The primary goal of OtterCookie is financial gain through data exfiltration. It steals sensitive information such as cryptocurrency wallet keys, documents, and clipboard content. The malware has evolved: a September version directly targets Ethereum keys, while a November update employs remote shell commands to achieve similar results and also executes reconnaissance commands. The ongoing updates and the continued use of the Contagious Interview campaign suggest that it is effective at breaching target systems and emphasize the need for caution when engaging with job offers and downloading code.