DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
DPRK-associated threat actors are targeting tech industry job seekers through fake recruitment campaigns, installing malware on their devices. The campaign, named CL-STA-240 Contagious Interview, uses social engineering to lure victims into online interviews, where they are convinced to download malicious software. The attackers have updated two key pieces of malware: BeaverTail, a cross-platform downloader and infostealer, and InvisibleFerret, a Python backdoor. BeaverTail, now compiled using the Qt framework, targets both macOS and Windows platforms, with enhanced capabilities including cryptocurrency wallet theft. InvisibleFerret enables remote control, keylogging, and data exfiltration. The campaign poses risks to individuals and potentially to the companies employing targeted job seekers.
OPENCTI LABELS:
social engineering, cryptocurrency theft, beavertail, python backdoor