Tag: invisibleferret

8 Attack Reports | 0 Vulnerabilities

Attack reports

Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads

North Korean threat actors have expanded their presence in the npm ecosystem, publishing additional malicious packages that deliver the BeaverTail malware and introduce new remote access trojan loader functionality. The campaign, known as Contagious Interview, aims to compromise developer systems, …
north korea
cryptocurrency
beavertail
invisibleferret
2025-04-08
Published: April 8, 2025
Downloadable IOCs: 6

BeaverTail and Tropidoor Malware Distributed via Recruitment Emails

A sophisticated malware campaign has been uncovered, involving the distribution of BeaverTail and Tropidoor malware through fake recruitment emails. The attackers, suspected to be of North Korean origin, impersonated a developer community to lure victims into downloading malicious code. The campaig…
backdoor
phishing
north korea
infostealer
cryptocurrency
downloader
beavertail
recruitment
invisibleferret
2025-04-03
lightlesscan
tropidoor
Published: April 3, 2025
Downloadable IOCs: 6

Targeting of freelance developers

North Korea-aligned cybercriminals are targeting freelance software developers through fake job offers and coding challenges containing malware. The campaign, dubbed DeceptiveDevelopment, uses two main malware families - BeaverTail and InvisibleFerret - to steal cryptocurrency wallets and login cre…
north korea
spearphishing
infostealer
cryptocurrency
beavertail
invisibleferret
2025-02-21
job scams
freelancers
Published: February 21, 2025
Downloadable IOCs: 0

Inside the Scam: North Korea's IT Worker Threat

North Korea has exploited remote work opportunities to infiltrate international companies with fraudulent IT workers, generating revenue and posing cybersecurity risks. The group PurpleBravo targets cryptocurrency firms using malware like BeaverTail and InvisibleFerret. At least seven suspected Nor…
malware
espionage
north korea
cryptocurrency
beavertail
invisibleferret
remote work
2025-02-13
ottercookie
front companies
it workers
Published: February 13, 2025
Downloadable IOCs: 43

InvisibleFerret Malware: Technical Analysis

A recent surge in North Korean activity involves fake job interviews to distribute malware, including InvisibleFerret. This Python-based malware targets the technology, finance, and cryptocurrency sectors, focusing on developers. It steals source code, wallets, and sensitive files. InvisibleFerret …
stealer
beavertail
rustdoor
invisibleferret
2025-01-21
qrlog
Published: January 21, 2025
Downloadable IOCs: 4

Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack

Unit 42 researchers identified a North Korean IT worker activity cluster, CL-STA-0237, involved in phishing attacks using malware-infected video conference apps. The cluster likely operates from Laos and exploited a U.S.-based SMB IT services company to apply for other jobs, securing a position at …
phishing
north korea
supply chain
beavertail
contagious interview
invisibleferret
wagemole
2024-11-15
insider threat
fake it workers
Published: November 15, 2024
Downloadable IOCs: 6

North Korean remote workers landing jobs in the West

North Korean threat actors are utilizing Contagious Interview and WageMole campaigns to secure remote employment in Western countries, evading financial sanctions. The Contagious Interview campaign has been updated with improved script obfuscation and multi-platform support, targeting over 100 devi…
social engineering
cryptocurrency
data theft
beavertail
contagious interview
invisibleferret
2024-11-06
wagemole
sanctions evasion
remote work
job fraud
Published: November 6, 2024
Downloadable IOCs: 56

Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview

Datadog Security Research discovered three malicious npm packages: passports-js, bcrypts-js, and blockscan-api, containing BeaverTail malware associated with North Korean threat actors. The packages, downloaded 323 times, targeted job-seekers in the US tech industry through a campaign named Contagi…
infostealer
cryptocurrency
npm
dprk
beavertail
contagious interview
2024-10-25
invisibleferret
software supply chain
namesquatting
Published: October 25, 2024
Downloadable IOCs: 1
Click here to see more Attack Reports