North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware

The North Korean threat actor behind the Contagious Interview campaign is refining its malware tools, integrating features of BeaverTail and OtterCookie with new modules for keylogging and screenshots. Recent activities reveal the use of decentralized blockchain infrastructure for command-and-control, highlighting evolving tactics in nation-state cyber operations. #FamousChollima #ContagiousInterview

Key Points

  • The threat actor is merging functionalities of BeaverTail and OtterCookie malware, indicating toolset refinement.
  • Recent campaigns involve using stealthy EtherHiding techniques to fetch payloads via blockchain networks.
  • The campaign originated from a fake job offer scam, leading to malware infections during technical interviews.
  • The malware includes modules for keylogging, screenshot capture, browser and wallet data theft, and remote access.
  • Discovery of malware in a malicious npm package suggests ongoing experimentation with new delivery methods, including Visual Studio Code extensions.

Read More: https://thehackernews.com/2025/10/north-korean-hackers-combine-beavertail.html