Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware

N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware

N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware

https://firewall.firm.in/wp-content/uploads/2024/10/attack.png

Oct 09, 2024Ravie LakshmananPhishing Attack / Malware

Cross-Platform Malware

Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret.

The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview that Palo Alto Networks Unit 42 first disclosed in November 2023.

“The threat actor behind CL-STA-0240 contacts software developers through job search platforms by posing as a prospective employer,” Unit 42 said in a new report.

Cybersecurity

“The attackers invite the victim to participate in an online interview, where the threat actor attempts to convince the victim to download and install malware.”

The first stage of infection involves the BeaverTail downloader and information stealer that’s designed for targeting both Windows and Apple macOS platforms. The malware acts as a conduit for the Python-based InvisibleFerret backdoor.

There is evidence to suggest that the activity remains active despite public disclosure, indicating that the threat actors behind the operation are continuing to taste success by enticing developers into executing malicious code under the pretext of a coding assignment.

N. Korean Hackers

Security researcher Patrick Wardle and cybersecurity company Group-IB, in two independent analyses, detailed an attack chain that leveraged fake Windows and maCOS video conferencing applications impersonating MiroTalk and FreeConference.com to infiltrate developer systems with BeaverTail and InvisibleFerret.

“The overall modus operandi of the CL-STA-0240 Contagious Interview campaign has remained unchanged likely due to the continued effectiveness of their approach,” Assaf Dahan, director of threat research at Unit 42, told The Hacker News.

“Even though the campaign has been publicly reported and analyzed, social engineering techniques — like impersonating recruiters — tend to be highly effective, especially in targeting individuals who are unaware of such threats or may overlook basic security practices during a job search. By exploiting trust and urgency in professional settings, these attackers have created a reliable method of gaining access to victims’ devices.”

What makes the latest iteration noteworthy is that the bogus application is developed using Qt, which supports cross-compilation for both Windows and macOS. The Qt-based version of BeaverTail is capable of stealing browser passwords and harvesting data from several cryptocurrency wallets.

Cybersecurity

“Another factor [behind the campaign’s lack of tactical changes] may be the introduction of a new, less suspicious and more evasive version of their malware (BeaverTail, now written in the Qt framework) that targets both macOS and Windows platforms,” Dahan said.

“This allows the same method of attack (fake job interviews and recruiter impersonation) to be used across a broader range of victims and devices, without significant need to change the operational mechanics of the campaign.”

BeaverTail, besides exfiltrating the data to an adversary-controlled server, is equipped to download and execute the InvisibleFerret backdoor, which includes two components of its own –

  • A main payload that enables fingerprinting of the infected host, remote control, keylogging, data exfiltration, and downloading of AnyDesk
  • A browser stealer that collects browser credentials and credit card information

“North Korean threat actors are known to conduct financial crimes for funds to support the DPRK regime,” Unit 42 said. “This campaign may be financially motivated, since the BeaverTail malware has the capability of stealing 13 different cryptocurrency wallets.”

(The story was updated after publication to include additional responses from Palo Alto Networks Unit 42.)

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket