Unit 42’s latest research was published today on a North Korean cyber campaign targeting tech job seekers. The campaign, known as CL-STA-240 Contagious Interview, involves fake recruiters on platforms like LinkedIn tricking users into malware infections that steal sensitive data such as browser passwords and cryptocurrency wallets. Since its initial report in November 2023, Unit 42 has continued to monitor new online activity and code updates to two pieces of malware tied to the campaign.
Highlights include:
- New malware variant, BeaverTail, targets both macOS and Windows and is capable of stealing data and cryptocurrency from 13 different wallets
- Social Engineering: Attackers pose as recruiters on platforms like LinkedIn and set up fake interviews, convincing victims to download malware disguised as legitimate software like MiroTalk and FreeConference
- InvisibleFerret Backdoor: Written in Python, this malware now includes new features like downloading additional remote-control software (AnyDesk) and stealing browser credentials and credit card information
- Financial Motive: North Korean threat actors likely have a financial motive, given the malware’s focus on stealing cryptocurrency from a growing number of wallets
You can read the research here.
This entry was posted on October 9, 2024 at 11:39 am and is filed under Commentary with tags Palo Alto. You can follow any responses to this entry through the RSS 2.0 feed.
North Korean Hackers Target Tech Job Seekers in New Malware Campaign