Looking for a new job? Be careful not to fall for this new malware scam
- Researchers spot North Korean threat actors engaged in fake job fraud
- The attacks are intended to deploy the OtterCookie malware
- This malware steals sensitive information
It appears North Korean hackers are not giving up on their fake job scams as experts found they have added more malware variants, diversifying the tools used in the campaign that is now almost three years old.
Cybersecurity researchers from NTT Security Japan have revealed a North Korean threat actor involved in a campaign called ‘Contagious Interview’.
The campaign has been extensively discussed by several researchers and most media outlets. The crooks would create a fake job advertisement as well as a number of fake social media accounts. They would then target software developers or other high-profile individuals (such as those working in the aerospace, defense or government sectors) and offer exciting and lucrative new job opportunities.
OtterCookie
The campaign was first spotted in 2022 and is believed to be carried out by the Lazarus Group, a known state-sponsored threat actor from North Korea. In the latest report, NTT Security Japan claims that the group has deployed more than its usual malware variants, BeaverTail and InvisibleFerret.
This time they use malware called OtterCookie, which is capable of reconnaissance (e.g. collecting system information), data theft (cryptocurrency wallet keys, images, documents and other valuable files) and clipboard poisoning.
Lazarus is known for mainly targeting web3 (blockchain) companies and stealing cryptocurrency. The new technology is valuable to criminals because the stolen money is virtually impossible to trace. In the past, this group was seen targeting multiple companies and making off with hundreds of millions of dollars worth of various cryptos.
It is also best known for running fake job campaigns, which target not only companies but also individual software developers. The group's operatives were observed creating false personas and applying for positions, as well as using the fake identities to approach professionals. In all scenarios, the crooks would try to deploy information-stealing malware and obtain their targets' sensitive data.
Via BleepingComputer