Summary: North Korea-linked threat actors have used front companies in the cryptocurrency consulting industry to distribute malware through fake job postings, as part of a social engineering campaign dubbed Contagious Interview. The scheme uses several malware families, including BeaverTail and InvisibleFerret, and relies on sophisticated tactics such as using artificial intelligence to create fake personas and manage job applications. The FBI has seized the assets of one of the front companies, BlockNovas, as part of efforts to combat these malicious activities.
Affected: BlockNovas LLC, Angeloper Agency, SoftGlide LLC
Key points:
- Threat actors used front companies in the cryptocurrency sector to spread malware via fake job interviews.
- Three malware families—BeaverTail, InvisibleFerret, and OtterCookie—are being distributed under the guise of coding assignments and browser issues.
- AI tools and Russian IP ranges are utilized to enhance fraudulent activities, with some operations linked to North Korean cyber actors in cooperation with Russian entities.
Source: https://thehackernews.com/2025/04/north-korean-hackers-spread-malware-via.html