
Novel OtterCookie malware added to Contagious Interview attack arsenal


BleepingComputer reports that intrusions with the new OtterCookie malware and its updated iteration have been launched by North Korean threat actors against software developers as part of the Contagious Interview campaign, which initially involved the deployment of the BeaverTail and InvisibleFerret payloads.

Malicious npm packages hosted on Bitbucket or GitHub, as well as Qt files and Electron apps, have been leveraged by attackers to distribute the loader that carries OtterCookie, which on execution uses the Socket.IO WebSocket library to receive data exfiltration commands, according to an analysis from NTT Security Japan.
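The delivery pattern above (a developer-facing npm package that runs code at install time and talks to a Socket.IO endpoint) lends itself to a simple triage check. The following is an added example, not code from the article or from NTT Security Japan: it parses a package.json and flags the combination of an install-time lifecycle hook and a Socket.IO client dependency. The package contents are constructed samples, and the heuristic is a review aid, not a detection signature.

```python
# Heuristic triage for npm packages handed to developers: flag the pairing the
# brief describes, install-time execution plus a Socket.IO client dependency.
import json

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
SOCKETIO_DEPS = ("socket.io-client", "socket.io")
DEP_FIELDS = ("dependencies", "devDependencies", "optionalDependencies")


def risk_indicators(package_json: str) -> dict:
    """Parse a package.json string and return the indicators it carries."""
    pkg = json.loads(package_json)
    scripts = pkg.get("scripts") or {}
    # Lifecycle hooks run automatically during `npm install`.
    hooks = {h: scripts[h] for h in LIFECYCLE_HOOKS if scripts.get(h)}
    deps = {}
    for field in DEP_FIELDS:
        deps.update(pkg.get(field) or {})
    socketio = {d: deps[d] for d in SOCKETIO_DEPS if d in deps}
    return {"install_hooks": hooks, "socketio_deps": socketio}


def is_suspicious(package_json: str) -> bool:
    """True when code runs at install time and a Socket.IO client is present."""
    ind = risk_indicators(package_json)
    return bool(ind["install_hooks"]) and bool(ind["socketio_deps"])


# Constructed sample resembling the loader pattern described in the article.
SUSPECT_PKG = json.dumps({
    "name": "coding-assignment",
    "version": "1.0.0",
    "scripts": {"postinstall": "node ./lib/setup.js"},
    "dependencies": {"socket.io-client": "^4.7.0"},
})

# Constructed benign sample: a Socket.IO app with no install-time hook.
BENIGN_PKG = json.dumps({
    "name": "chat-demo",
    "version": "0.1.0",
    "scripts": {"start": "node server.js", "test": "jest"},
    "dependencies": {"socket.io": "^4.7.0"},
})

if __name__ == "__main__":
    for label, pkg in (("suspect", SUSPECT_PKG), ("benign", BENIGN_PKG)):
        print(label, is_suspicious(pkg), risk_indicators(pkg))
```

Run it against a package.json read from disk before installing an unsolicited "assignment" repository; a hit warrants reading the hooked script by hand.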

While the initial version of OtterCookie identified in September allowed Ethereum private key compromise through its built-in checkForSensitiveData functionality, the November update facilitated such activity, as well as clipboard data compromise, via remote shell commands. Researchers also found that the newer OtterCookie variant integrates reconnaissance commands that could support lateral movement and further system compromise.

Such findings indicate the continued evolution of the Contagious Interview campaign and should prompt increased vigilance among software developers, researchers said.
