Subj : Looking for a new job? Watch out you don't fall for this new malw To : All From : TechnologyDaily Date : Sun Dec 29 2024 15:30:05 Looking for a new job? Watch out you don't fall for this new malware scam Date: Sun, 29 Dec 2024 15:25:26 +0000 Description: Researchers spotted the OtterCookie malware. FULL STORY ======================================================================Research ers spot North Korean threat actors engaging in fake job scams The attacks seek to deploy the OtterCookie malware This malware steals sensitive information North Korean hackers arent giving up on their fake job scams, it seems, as experts found they have added more malware variants, diversifying the tools used in the campaign thats now almost three years old. Cybersecurity researchers from NTT Security Japan revealed a North Korean threat actor engaged in a campaign dubbed Contagious Interview. The campaign has been extensively covered by multiple researchers, and most media. The crooks would create a fake job opening, as well as a number of fake social media accounts. Then, they would target software developers, or other high-profile individuals (such as people working in the aerospace, defense, or government sectors), and offer exciting and lucrative new job opportunities. OtterCookie The campaign was first spotted in 2022, and is believed to be operated by Lazarus Group - a known state-sponsored threat actor from North Korea. In the latest report, NTT Security Japan claims to have seen the group deploying more than the usual malware variants - BeaverTail and InvisibleFerret. This time, theyre using malware called OtterCookie. This one is capable of reconnaissance (grabbing system information, for example), data theft (cryptocurrency wallet keys, images, documents, and other high-value files), and clipboard poisoning. Lazarus is known for targeting primarily web3 (blockchain) businesses, and stealing cryptocurrency. The novel technology is valuable for the criminals, since the stolen money is almost impossible to recover. This group was seen targeting multiple businesses in the past, running away with hundreds of millions of dollars in different cryptos. It is also best known for running fake job campaigns, targeting not just businesses, but also individual software developers. Its operatives were observed creating fake personas and applying for positions, but also using the fake identities to approach professionals. In all scenarios, the crooks would try to deploy infostealing malware and grab their sensitive data. Via BleepingComputer You might also like North Korean Lazarus hackers are targeting nuclear workers Here's a list of the best antivirus tools on offer These are the best endpoint protection tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/looking-for-a-new-job-watch-out-you-don t-fall-for-this-new-malware-scam --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .