Recent reports have revealed that a subgroup of the notorious North Korea-linked hacking collective, Lazarus Group, has established a network of fake companies to distribute malware targeting job seekers in the cryptocurrency sector. This alarming development raises concerns about cybersecurity and the risks faced by individuals navigating the job market in the digital age.
Fake Companies Used for Malware Distribution
According to the cybersecurity firm Silent Push, three fraudulent crypto consulting firms (BlockNovas, Angeloper Agency, and SoftGlide) are being used by the North Korean hacking group known as Contagious Interview to spread malware. The companies, two of which are registered in the United States, were set up to deceive potential job applicants, as detailed in an April 24 report.
“These websites and a vast network of accounts on hiring and recruiting platforms are being used to mislead individuals into applying for jobs,” stated Zach Edwards, a senior threat analyst at Silent Push, in an April 24 statement. He elaborated that during the application process, victims encounter an error message while attempting to record an introduction video. The supposed solution involves a simple click-and-copy action, which inadvertently leads to malware installation when applicants follow through.
Malware Types and Tactics
Silent Push reported that the hackers are using three specific strains of malware: BeaverTail, InvisibleFerret, and OtterCookie. BeaverTail primarily focuses on information theft and on deploying additional malware stages, while OtterCookie and InvisibleFerret target sensitive data such as cryptocurrency wallet keys and clipboard information.
The report also noted that the attackers are leveraging GitHub job listings and freelancer platforms to identify potential victims.
Adding to the deception, the hackers have employed AI-generated images to fabricate profiles of nonexistent employees for the fraudulent companies. Edwards remarked, “Numerous fake employees and stolen images from real people populate this network. We’ve documented some of the obvious falsifications, underscoring the severity of their impersonation efforts.” He referenced instances where authentic photographs were modified using AI tools to create subtly different versions.
This ongoing malware campaign has been traced back to at least 2024, with specific victims already reported by Silent Push, including a developer whose MetaMask wallet was compromised. In a significant law enforcement action, the FBI has successfully shut down at least one of the fraudulent companies involved in the scheme. Edwards indicated that while the FBI acquired the BlockNovas domain, SoftGlide and some other infrastructure remain operational.

In March, at least three cryptocurrency founders reported thwarting attempts by suspected North Korean hackers to extract sensitive information through fraudulent Zoom calls. The Lazarus Group, associated with some of the most significant cyber heists in the Web3 space—including the notorious hacks of Bybit and the Ronin network—continues to pose a significant threat to the industry, complicating the landscape for cybersecurity efforts.

Peter, a distinguished alumnus of a prominent journalism school in New Jersey, brings a rich tapestry of insights to ‘The Signal’.












