DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware

Oct. 10, 2024, 8:07 a.m.

Description

DPRK-associated threat actors are targeting tech industry job seekers through fake recruitment campaigns, installing malware on their devices. The campaign, named CL-STA-240 Contagious Interview, uses social engineering to lure victims into online interviews where they are convinced to download malicious software. The attackers have updated two key pieces of malware: BeaverTail, a cross-platform downloader and infostealer, and InvisibleFerret, a Python backdoor. BeaverTail, now compiled using the Qt framework, targets both macOS and Windows platforms, with enhanced capabilities including cryptocurrency wallet theft. InvisibleFerret enables remote control, keylogging, and data exfiltration. The campaign poses risks to individuals and potentially to the companies employing targeted job seekers.

Date

Published: Oct. 9, 2024, 3:39 p.m.

Created: Oct. 9, 2024, 3:39 p.m.

Modified: Oct. 10, 2024, 8:07 a.m.

Attack Patterns

BeaverTail

InvisibleFerret

DPRK

T1059.006

T1119

T1497

T1087

T1056.001

T1555

T1005

T1016

T1082

T1105

T1083

T1071

T1543

T1219

T1204

T1132

T1041

T1566

T1078

Additional Information

Technology