North Korean hackers develop advanced malware by combining BeaverTail and OtterCookie – Bundlezy


SRI LANKA / LONDON (IT BOLTWISE) – North Korean hackers have refined their malware strategies by combining the features of BeaverTail and OtterCookie. This development shows increasing sophistication in their attack methods, which now include keylogging and screenshots. The hackers also use blockchain technology to disguise their attacks.


The North Korean hacking group associated with the Contagious Interview campaign recently refined its malware strategies by combining the features of BeaverTail and OtterCookie. This development shows increasing sophistication in their attack methods, which now include keylogging and screenshots. According to Cisco Talos, the hackers have merged the functions of these two malware programs more closely, equipping OtterCookie with a new module for keylogging and screenshots.

The activity is attributed to a threat group known by various names in the cybersecurity community, including CL-STA-0240, DeceptiveDevelopment and Famous Chollima. This group has developed a new technique called EtherHiding to load the next stages of its attacks from the BNB Smart Chain or Ethereum blockchains. This represents the first documented case of a state actor using this method, which has previously been used by cybercriminals.

The Contagious Interview campaign began in late 2022 and aimed to trick job seekers into installing malware through fake job offers. This malware steals sensitive data and cryptocurrencies. In recent months, the campaign has undergone several transformations, including the use of social engineering techniques such as ClickFix to distribute malware such as GolangGhost and PylangGhost.

Interestingly, an organization in Sri Lanka fell victim to this campaign after a user fell for a fake job offer and installed a trojanized Node.js application called Chessfi. This application contained a malicious dependency that was distributed via the npm repository. The malware used legitimate npm packages to capture keystrokes and screenshots and send the information to a command-and-control server.
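
For defenders, the dependency angle of the Chessfi case can be reviewed from a project's lockfile. The following is an added example, not code from the article or from Cisco Talos: it walks an npm lockfile (v2/v3) and reports which direct dependency pulls in a package able to hook the keyboard or capture the screen. The watchlist entries, versions and the "example-*" package names are constructed assumptions; the article does not name the packages involved.

```javascript
// Constructed watchlist: real npm packages that can hook the keyboard or grab
// the screen. An assumption for illustration; the article names no packages.
const CAPTURE_CAPABLE = new Map([
  ['node-global-key-listener', 'global keyboard hook'],
  ['screenshot-desktop', 'screen capture'],
]);
// "node_modules/a/node_modules/@s/b" -> "@s/b"; other keys are returned as-is.
function nameOf(key) {
  const i = key.lastIndexOf('node_modules/');
  return i < 0 ? key : key.slice(i + 'node_modules/'.length);
}
// For each watchlisted package in the lockfile "packages" map, return the
// shortest chain from a direct dependency of the project down to that package.
function auditLockfile(lock, watchlist = CAPTURE_CAPABLE) {
  const pkgs = Object.entries(lock.packages || {});
  const parents = new Map(); // package name -> names of packages requiring it
  for (const [key, meta] of pkgs) {
    const from = key === '' ? '<root>' : nameOf(key);
    const deps = { ...meta.dependencies, ...meta.devDependencies, ...meta.optionalDependencies };
    for (const dep of Object.keys(deps)) {
      if (!parents.has(dep)) parents.set(dep, new Set());
      parents.get(dep).add(from);
    }
  }
  const findings = [];
  for (const [key, meta] of pkgs) {
    const name = nameOf(key);
    if (key === '' || !watchlist.has(name)) continue;
    const queue = [[name]], seen = new Set([name]);
    let chain = null; // stays null if nothing in the lockfile requires it
    while (queue.length && !chain) { // breadth-first walk up to the root
      const path = queue.shift();
      for (const p of parents.get(path[0]) || []) {
        if (p === '<root>') { chain = path; break; }
        if (!seen.has(p)) { seen.add(p); queue.push([p, ...path]); }
      }
    }
    findings.push({ name, version: meta.version, capability: watchlist.get(name), chain });
  }
  return findings;
}
// Constructed sample lockfile; names and versions are not taken from the article.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'sample-app', dependencies: { 'example-ui-kit': '^1.0.0' } },
  'node_modules/example-ui-kit': { version: '1.0.2',
    dependencies: { 'example-shim': '^0.3.0', 'screenshot-desktop': '^1.15.0' } },
  'node_modules/example-shim': { version: '0.3.1', dependencies: { 'node-global-key-listener': '^0.3.0' } },
  'node_modules/node-global-key-listener': { version: '0.3.0' },
  'node_modules/screenshot-desktop': { version: '1.15.0' },
} };
console.log(auditLockfile(SAMPLE_LOCK));
```

A finding is a prompt for review, not proof of compromise: the chain shows which direct dependency to inspect when an application has no legitimate need for keyboard or screen access.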

The latest version of OtterCookie, known as OtterCookie v5, includes features to collect browser profiles and extensions, steal data from web browsers and cryptocurrency wallets, and install AnyDesk for persistent remote access. These developments suggest that the hacking group may be testing new methods to spread its malware.

