North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
Briefly

"The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That's according to new findings from Cisco Talos, which said recent campaigns undertaken by the hacking group have seen the functions of BeaverTail and OtterCookie coming closer to each other more than ever, even as the latter has been fitted with a new module for keylogging and taking screenshots."
"The development comes as Google Threat Intelligence Group (GTIG) and Mandiant revealed the threat actor's use of a stealthy technique known as EtherHiding to fetch next-stage payloads from the BNB Smart Chain (BSC) or Ethereum blockchains, essentially turning decentralized infrastructure into a resilient command-and-control (C2) server. It represents the first documented case of a nation-state actor utilizing the method that has been otherwise adopted by cybercrime groups."
North Korean threat actors tied to Contagious Interview are merging features of the BeaverTail and OtterCookie malware families, with OtterCookie gaining a keylogging and screenshot module. The activity is attributed to a threat cluster tracked under several monikers, including CL-STA-0240, DeceptiveDevelopment, and Void Dokkaebi. The actor has adopted EtherHiding to retrieve next-stage payloads from the BNB Smart Chain or Ethereum blockchains, turning those blockchains into resilient C2 infrastructure. The Contagious Interview recruitment scam lures job seekers with fake technical assessments in order to deliver information-stealing malware and steal sensitive data and cryptocurrency. Recent shifts include ClickFix social engineering and additional malware strains such as GolangGhost, PylangGhost, TsunamiKit, Tropidoor, and AkdoorTea.
Read at The Hacker News