DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware
Oct. 10, 2024, 8:07 a.m.
Description
DPRK-associated threat actors are targeting tech industry job seekers through fake recruitment campaigns, installing malware on their devices. The campaign, named CL-STA-240 Contagious Interview, uses social engineering to lure victims into online interviews where they are convinced to download malicious software. The attackers have updated two key pieces of malware: BeaverTail, a cross-platform downloader and infostealer, and InvisibleFerret, a Python backdoor. BeaverTail, now compiled using the Qt framework, targets both macOS and Windows platforms, with enhanced capabilities including cryptocurrency wallet theft. InvisibleFerret enables remote control, keylogging, and data exfiltration. The campaign poses risks to individuals and potentially to the companies employing targeted job seekers.
Date
Published: Oct. 9, 2024, 3:39 p.m.
Created: Oct. 9, 2024, 3:39 p.m.
Modified: Oct. 10, 2024, 8:07 a.m.
Attack Patterns
BeaverTail
InvisibleFerret
DPRK
T1059.006
T1119
T1497
T1087
T1056.001
T1555
T1005
T1016
T1082
T1105
T1083
T1071
T1543
T1219
T1204
T1132
T1041
T1566
T1078
Additional Information
Technology