- Researchers Detect North Korean Threat Actors Involved in Fake Job Scams
- Attacks seek to deploy OtterCookie malware
- This malware steals confidential information
North Korean hackers apparently aren’t giving up their fake job scams: experts have found that they added more malware variants, diversifying the tools used in the nearly three-year-old campaign.
Cybersecurity researchers at NTT Security Japan revealed that a North Korean threat actor participated in a campaign called “Contagious Interview.”
The campaign has been widely covered by multiple researchers and much of the media. The criminals would create a fake job offer, as well as a series of fake social media accounts. They would then target software developers or other high-profile people (such as people working in the aerospace, defense, or government sectors) and offer interesting and lucrative new job opportunities.
The campaign was first detected in 2022 and is believed to be operated by Lazarus Group, a known North Korean state-sponsored threat actor. In its latest report, NTT Security Japan claims to have seen the group deploy more malware variants than the usual BeaverTail and InvisibleFerret.
This time the group is using malware called OtterCookie. It is capable of performing reconnaissance (obtaining system information, for example), data theft (cryptocurrency wallet keys, images, documents and other high-value files), and clipboard poisoning.
Lazarus is known mainly for targeting web3 (blockchain) companies and stealing cryptocurrencies. The new technology is valuable to criminals, as stolen money is almost impossible to recover. The group has been seen targeting multiple companies in the past, making off with hundreds of millions of dollars in different cryptocurrencies.
It is also well known for running fake job campaigns, targeting not only companies but also individual software developers. Its agents were observed creating fake personas and applying for positions, but also using fake identities to approach professionals. In all scenarios, the criminals would try to deploy information-stealing malware and get hold of the victim's sensitive data.
Via BleepingComputer