Looking for a new job? Watch out you don't fall for this new malware scam

A digital representation of a lock
(Image credit: Altalex)

  • Researchers spot North Korean threat actors engaging in fake job scams
  • The attacks seek to deploy the OtterCookie malware
  • This malware steals sensitive information

North Korean hackers aren’t giving up on their fake job scams, it seems, as experts found they have added more malware variants, diversifying the tools used in the campaign that’s now almost three years old.

Cybersecurity researchers from NTT Security Japan revealed a North Korean threat actor engaged in a campaign dubbed “Contagious Interview”.

The campaign has been extensively covered by multiple researchers, and most media. The crooks would create a fake job opening, as well as a number of fake social media accounts. Then, they would target software developers, or other high-profile individuals (such as people working in the aerospace, defense, or government sectors), and offer exciting and lucrative new job opportunities.

OtterCookie

The campaign was first spotted in 2022, and is believed to be operated by Lazarus Group - a known state-sponsored threat actor from North Korea. In the latest report, NTT Security Japan claims to have seen the group deploying more than the usual malware variants - BeaverTail and InvisibleFerret.

This time, they’re using malware called OtterCookie. This one is capable of reconnaissance (grabbing system information, for example), data theft (cryptocurrency wallet keys, images, documents, and other high-value files), and clipboard poisoning.

Lazarus is known for targeting primarily web3 (blockchain) businesses, and stealing cryptocurrency. The novel technology is valuable for the criminals, since the stolen money is almost impossible to recover. This group was seen targeting multiple businesses in the past, running away with hundreds of millions of dollars in different cryptos.

It is also best known for running fake job campaigns, targeting not just businesses, but also individual software developers. Its operatives were observed creating fake personas and applying for positions, but also using the fake identities to approach professionals. In all scenarios, the crooks would try to deploy infostealing malware and grab their sensitive data.

Via BleepingComputer

You might also like

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Hacker silhouette working on a laptop with North Korean flag on the background
North Korean Lazarus hackers are targeting nuclear workers
Hacker silhouette working on a laptop with North Korean flag on the background
North Korean hackers are targeting LinkedIn jobseekers with new malware - here's how to stay safe
North Korean flag with a hooded hacker
North Korean hackers are posing as software development recruiters to target freelancers
Representational image depecting cybersecurity protection
Fake video conferencing apps are targeting Web3 workers to steal their data
Red padlock open on electric circuits network dark red background
CrowdStrike warns of fake job offer scam that is actually just malware
Hacker silhouette working on a laptop with North Korean flag on the background
FBI claims North Korean workers are hacking the US companies which hired them
Latest in Security
Webex by Cisco banner on a Chromebook
Cisco warns some Webex users of worrying security flaw, so patch now
Red padlock open on electric circuits network dark red background
AI-powered cyber threats are becoming the biggest worry for businesses everywhere
Woman using iMessage on iPhone
Apple to take legal action against British Government over backdoor request
Red padlock open on electric circuits network dark red background
Aviaton firms hit by devious new polyglot malware
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
Major ransomware attack sees Tata Technologies hit - 1.4TB dataset with over 730,000 files allegedly stolen
Image of laptop infected with malware
Ransomware criminals are now sending their demands...by snail mail?
Latest in News
A hand holding a phone showing the Android Find My Device network
Android's Find My Device can now let you track your friends – and I can't decide if that's cool or creepy
Insta360 X4 360 degree camera without lens protector
Leaked DJI Osmo 360 image suggests GoPro and Insta360 should be worried – here's why
A YouTube Premium promo on a laptop screen
A cheaper YouTube Premium Lite plan just rolled out in the US – but you’ll miss out on these 4 features
Viaim RecDot AI true wireless earbuds
These AI-powered earbuds can also act as a dictaphone with transcription when left in their case
The socket interface of the Intel Core Ultra processor
Intel unveils its most powerful AI PCs yet - new Intel Core Ultra Series 2 processors pack in vPro for lightweight laptops and high-performance workstations alike
An Nvidia GeForce RTX 5070
Nvidia confirms that an RTX 5070 Founders Edition is coming... just not on launch day