
North Korean Hackers Hit Crypto Sector With BeaverTail Malware

Sun, 21/09/2025 - 18:45
Bad actors from North Korea are using fake cryptocurrency jobs in order to spread malware

According to a recent report by The Hacker News, North Korean hackers are attempting to trick non-developer job applicants in the cryptocurrency sector into installing BeaverTail, malware that steals logins and crypto wallets, along with InvisibleFerret.

Both macOS and Windows users should avoid strange downloads from GitHub or Vercel as well as suspicious scripts.  

How it works 

Unfortunate applicants who fall for the sham run "fix" commands presented as a remedy for bogus microphone or camera errors that appear while recording a short video on a fake website created by the attackers. This is a common trick used by North Koreans, and it should automatically be treated as a red flag.

With the help of the aforementioned commands, the attackers then run a payload that installs BeaverTail and InvisibleFerret as a bundle. 

What is notable is that North Korean attackers used to target primarily tech-savvy developers with BeaverTail, but they have now changed their targets. The new version is a ready-to-run program, meaning that JavaScript or Python no longer needs to be installed on the victim's machine.

The use of harmless-looking decoy files also makes it more challenging for security tools to detect the malware. Some parts of the malware are also hidden in password-protected files.

Growing threat 

The recent malware has been linked to North Korean attackers because BeaverTail was previously used by them. Moreover, some IP addresses are associated with the hermit kingdom.

As reported by U.Today, Binance CEO Changpeng Zhao recently took to X (formerly Twitter) to warn about North Korean hackers posing as job candidates, potential employers, and users. 
