North Korean Hacker Group Lazarus Strikes Again!
The latest report reveals that the “Contagious Interview” scheme uses fake cryptocurrency companies to conduct social engineering attacks, spreading malware to job seekers and stealing personal information. The North Korean hackers combine sophisticated techniques with AI technology, and global cybersecurity teams are closely monitoring their every move.
Fake Company Trap Exposed: Three Shell Companies Luring Victims
Cybersecurity company Silent Push released a report yesterday, exposing three fraudulent companies masquerading as legitimate cryptocurrency enterprises:
“BlockNovas LLC”
“Angeloper Agency”
“SoftGlide LLC”
These companies serve as fronts for the North Korean hacker group’s “Contagious Interview” attacks.
Under the guise of recruitment, these firms use the interview process to deliver three carefully crafted pieces of malware to job seekers’ devices.
Alarmingly, the organization frequently executing the “Contagious Interview” attacks has been identified as a notorious branch of the Lazarus Group, and it exhibited signs of “resource sharing” with another hacker group, TraderTraitor, during their attack on the ByBit exchange, indicating a possible collaborative network among North Korean hackers.
Malware Trilogy: Precisely Targeting Job Seekers’ Devices
The company noted that three types of malware played a critical role in this operation:
BeaverTail: Supports Linux, macOS, and Windows, with persistent infection capabilities, enabling long-term stealth on victims’ devices.
InvisibleFerret: Written in Python; often mistaken for BeaverTail, but it is an independent threat.
OtterCookie: Specifically designed to steal cryptocurrency credentials and data, usually bundled with files that job seekers are required to download during the interview process.
These programs often use “interview documents” as bait to entice victims to click and download.
Recently, on-chain cybersecurity experts also discovered a new type of scam in which North Korean hackers impersonate venture capital (VC) experts and use common audio issues in Zoom meetings as a pretext to get victims to download audio repair files containing malware, potentially leading to theft of personal funds or sensitive information.
AI Fake Employees Assist: Remaker AI Makes Scams More Convincing
Silent Push also reported that the organization effectively uses AI tools such as Remaker AI to generate fictitious employee profiles and resumes, significantly enhancing the credibility of the fake companies.
BlockNovas, for example, claims to have 14 employees, but Silent Push confirmed that most of them are fabricated characters whose LinkedIn pages and personal websites are forged.
[Image: BlockNovas job listings]
Online Social Engineering Phishing: Comprehensive Infiltration from LinkedIn to GitHub
The hacker organization posts high-paying job openings through LinkedIn, GitHub, and freelancer platforms to attract job seekers. Once victims enter the fake interview process, they are guided to download malware, leading to system breaches and theft of private data:
Unfortunately, we have confirmed multiple victim cases, predominantly among job seekers in the cryptocurrency industry, which may deepen developers’ hostility and anxiety towards the field.
Similar social engineering attacks have recently occurred, with Google warning a few weeks ago: “Companies must increase vigilance, enhance applicant background checks, verification processes, and cybersecurity protections, particularly concerning remote personnel and outsourced platforms.”
Cybersecurity Defense Recommendations: How to Protect Yourself from Recruitment Traps
Silent Push urges companies and individuals to adopt the following preventive measures:
Verify the authenticity of job openings and avoid invitations from unofficial platforms.
Verify unknown links and unfamiliar files before clicking on or downloading them.
Utilize advanced threat intelligence tools to detect suspicious activities and attack indicators.
The technical details of the investigation have not been disclosed, to avoid hacker reconnaissance, but relevant reports and response strategies will be provided to corporate clients.
AI and Cyber Attacks Converge: Cybersecurity Defenses Need Strengthening
The attacks by the North Korean “Contagious Interview” organization once again demonstrate that hacker techniques are continuously evolving. With the advancements in AI and fake identity technologies, companies and job seekers face unprecedented challenges. Strengthening cybersecurity awareness and enhancing defense mechanisms have become urgent priorities.