Today > 1 Critical | 2 High | 6 Medium vulnerabilities   -   You can now download lists of IOCs here!

DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware

Oct. 10, 2024, 8:07 a.m.

Description

DPRK-associated threat actors are targeting tech industry job seekers through fake recruitment campaigns, installing malware on their devices. The campaign, named CL-STA-240 Contagious Interview, uses social engineering to lure victims into online interviews where they are convinced to download malicious software. The attackers have updated two key pieces of malware: BeaverTail, a cross-platform downloader and infostealer, and InvisibleFerret, a Python backdoor. BeaverTail, now compiled using Qt framework, targets both macOS and Windows platforms, with enhanced capabilities including cryptocurrency wallet theft. InvisibleFerret enables remote control, keylogging, and data exfiltration. The campaign poses risks to individuals and potentially to the companies employing targeted job seekers.

Date

Published: Oct. 9, 2024, 3:39 p.m.

Created: Oct. 9, 2024, 3:39 p.m.

Modified: Oct. 10, 2024, 8:07 a.m.

Attack Patterns

BeaverTail

InvisibleFerret

DPRK

T1059.006

T1119

T1497

T1087

T1056.001

T1555

T1005

T1016

T1082

T1105

T1083

T1071

T1543

T1219

T1204

T1132

T1041

T1566

T1078

Additional Informations

Technology