North Korean threat actors are using ClickFix-style social engineering to deliver malware such as BeaverTail and InvisibleFerret, targeting marketing and trading roles in the cryptocurrency and retail sectors. The campaigns are evolving to use compiled binaries and fake job platforms, reflecting operational adaptation by a Lazarus subgroup.
Key points
- North Korean hackers are leveraging ClickFix-style tactics to distribute malware targeting various sectors.
- BeaverTail and InvisibleFerret are used as information stealers and backdoor downloaders, often via fake job platforms.
- The campaigns have shifted toward targeting marketing and trading roles with compiled malware variants for broader system compatibility.
- Researchers observe operational tactics such as infrastructure replacement and reconnaissance to sustain malicious activities.
- Other groups like ScarCruft and Kimsuky are evolving malware tools and tactics, including ransomware and deepfake impersonation campaigns.
Read More: https://thehackernews.com/2025/09/dprk-hackers-use-clickfix-to-deliver.html