Hackread reports that malicious videoconferencing apps and fraudulent job offers have been leveraged by North Korean hacking collective Lazarus Group to compromise blockchain professionals and developers with malware as part of the ongoing "Eager Crypto Beavers" attack campaign.
Attacks spreading the credential- and cryptocurrency wallet asset-stealing BeaverTail malware variant that delivers that information-stealing Python-based InvisibleFerret backdoor were initially conducted by Lazarus Group via fake job offers that dupe targets into executing a malicious Node.js project before the hacking operation also moved to spread BeaverTail via phony videoconferencing apps, an analysis from Group-IB revealed. Aside from expanding its attack arsenal to include exploitation of the Upwork, Moonlight, and WWR job portals, Lazarus Group has also added attack targets to compromise Microsoft Sticky Notes, password manager, and browser extension data, according to Group-IB researchers. Such a development indicates North Korean hackers' continuously evolving attack techniques which should prompt persistent cybersecurity training and increased vigilance on possible scams.
