BeaverTail and Tropidoor Malware Distributed via Recruitment Emails

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

A sophisticated malware campaign has been uncovered in which BeaverTail and Tropidoor malware are distributed through fake recruitment emails. The attackers, suspected to be of North Korean origin, impersonated a developer community to lure victims into downloading malicious code. The campaign uses a downloader disguised as 'car.dll' and BeaverTail malware masquerading as 'tailwind.config.js'. BeaverTail functions as an infostealer and downloader, targeting web browsers and cryptocurrency wallets. Tropidoor, a backdoor, establishes communication with command and control servers and allows remote execution of various commands. The attack methodology resembles previous North Korean campaigns, including techniques reminiscent of the Lazarus group's LightlessCan malware.

OPENCTI LABELS:

backdoor, phishing, infostealer, north korea, cryptocurrency, beavertail, recruitment, invisibleferret, tropidoor, lightlesscan
