North Korean hackers set up 3 shell companies to scam crypto devs

A North Korean subgroup associated with the Lazarus Group hacker organization established three shell companies, two of them in the US, to deliver malware to unsuspecting crypto developers.
The three sham crypto consulting firms – BlockNovas, Angeloper Agency and SoftGlide – are used by the North Korean hacking group Contagious Interview to distribute malware through fake job interviews, Silent Push threat analysts said in an April 24 report.
Silent Push senior threat analyst Zach Edwards said in an April 24 post on X that two of the shell companies were registered as legitimate businesses in the United States.
“These websites and a large network of hire / recruiting websites are used to deceive people to apply for jobs,” he said.
“During the job application process, an error message is displayed as someone tries to record an introduction video. The solution is an easy click, copy and paste trick, which leads to malware if the unsuspecting developer completes the process.”
Three strains of malware – BeaverTail, InvisibleFerret and OtterCookie – are used in the campaign, according to Silent Push.
BeaverTail is malware designed mainly for information theft and for loading additional malware stages. OtterCookie and InvisibleFerret mainly target sensitive information, including crypto wallet keys and clipboard data.
Silent Push analysts said in the report that the hackers use GitHub, job listings and freelancer websites to look for victims.
AI used to create fake employees
The ruse also involves the hackers using AI-generated images to create employee profiles for the three crypto companies, as well as stealing images of real people.
“There are many fake employees and stolen images from real people used throughout this network. We have documented some of the obvious fakes and stolen images, but it is very important to appreciate that the impersonation efforts from this campaign are different,” Edwards said.
“In one of the examples, the threat actors took a real photo of a real person, and then appear to have run it through an AI image modifier tool to create a subtly different version of the same image.”
Related: Fake Zoom malware steals crypto while it’s ‘stuck’ loading, user warns
The malware campaign has been ongoing since 2024, and Edwards said there are known public victims.
Silent Push spoke with two developers who were targeted by the campaign; one of them reportedly had their MetaMask wallet compromised.
The FBI has since taken down at least one of the companies’ domains.
“The Federal Bureau of Investigation (FBI) has taken down the Blocknovas domain, but SoftGlide is still live, along with some of their other infrastructure,” Edwards said.
At least three crypto founders reported in March that they had foiled an attempt by suspected North Korean hackers to steal sensitive data via fake Zoom calls.
Groups such as the Lazarus Group are the prime suspects in some of the largest heists in Web3, including the $1.4 billion Bybit hack and the $600 million Ronin network hack.
Magazine: Lazarus Group’s favorite exploit revealed – Crypto hacks review