#etherhiding

from The Hacker News
1 day ago

North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware

The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That's according to new findings from Cisco Talos, which said recent campaigns undertaken by the hacking group have seen the functions of BeaverTail and OtterCookie coming closer to each other more than ever, even as the latter has been fitted with a new module for keylogging and taking screenshots.
Information security
#blockchain-malware
from Techzine Global
1 day ago
Information security

North Korea uses blockchains as indelible malware hosts

North Korean threat actor UNC5342 uses EtherHiding—smart contracts on public blockchains—to host and deliver malware (JADESNOW loader and INVISIBLEFERRET backdoor) via fake job lures.
from The Register
2 days ago
Information security

Norks abuse blockchains to scam job seekers, steal wallets

North Korean threat actors embed malware in blockchain smart contracts (EtherHiding) to target developers, steal cryptocurrency and credentials, and maintain stealthy persistent access.
Information security
from The Hacker News
2 days ago

Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites

UNC5142 leverages compromised WordPress sites and BNB Smart Chain smart contracts to deliver information-stealing malware to Windows and macOS systems.
from The Hacker News
2 days ago

North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts

A threat actor with ties to the Democratic People's Republic of Korea (aka North Korea) has been observed leveraging the EtherHiding technique to distribute malware and enable cryptocurrency theft, marking the first time a state-sponsored hacking group has embraced the method. The activity has been attributed by Google Threat Intelligence Group (GTIG) to a threat cluster it tracks as UNC5342, which is also known as CL-STA-0240 (Palo Alto Networks Unit 42), DeceptiveDevelopment (ESET), DEV#POPPER (Securonix), Famous Chollima (CrowdStrike),
Information security