Intrusions involving new iterations of the BeaverTail and InvisibleFerret malware payloads have been deployed by North Korean state-backed attackers as part of a fraudulent job recruitment campaign aimed at the tech sector dubbed "Contagious Interview," which was initially discovered last November, The Hacker News reports.
While threat actors continued to impersonate employers on job search platforms to lure software developers into participating in an online interview that would be followed by BeaverTail malware compromise, more recent attacks entailed the deployment of a new Qt-based BeaverTail version that enabled browser credential and cryptocurrency wallet data exfiltration from both Windows and macOS systems, an analysis from Palo Alto Networks Unit 42 revealed. Attackers also leveraged the updated BeaverTail iteration to facilitate the execution of the InvisibleFerret payload, which has keylogging, data theft, and AnyDesk downloading, and browser data exfiltration capabilities. "North Korean threat actors are known to conduct financial crimes for funds to support the DPRK regime. This campaign may be financially motivated, since the BeaverTail malware has the capability of stealing 13 different cryptocurrency wallets," said Unit 42.