Fake Web3 job recruiters associated with North Korea have updated their malware to target both Windows and macOS systems and are now capable of stealing cryptocurrency from 13 different wallets, according to a report by cybersecurity company Palo Alto’s cyber risk team, Unit 42. The malware works by tricking job seekers into downloading a video call application that is actually malware. Once the victim executes the malicious code, it collects data and digital funds in the background. The researchers believe that these North Korean threat actors are financially motivated and are working to support the Democratic People’s Republic of Korea (DPRK) regime. The malware targets tech industry job seekers and contacts them through job search platforms, inviting them to an online interview. The attackers then convince the developers to download and install the malware disguised as a video chat app. The updated malware has been named the “Contagious Interview campaign” and includes two pieces of malware: the BeaverTail downloader and the InvisibleFerret backdoor. The newer version of the malware uses the cross-platform framework Qt, allowing it to compile applications for both Windows and macOS simultaneously. The malware targets 13 different crypto wallet browser extensions, stealing browser passwords and cryptocurrency wallets. Unit 42 advises individuals and organizations to be aware of these advanced social engineering campaigns and offers protection and mitigation measures in its report.
