North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

This report details a North Korea-linked campaign called Contagious Interview, which uses multi-platform malware and social engineering tactics to target cryptocurrency developers globally. The campaign involves fake job offers and malicious programming exercises to deliver malware like BeaverTail, WeaselStore, Tropidoor, and AkdoorTea, linked to Lazarus Group tools. #ContagiousInterview #LazarusGroup

Key points

  • The campaign targets software developers involved in cryptocurrency and Web3 projects across multiple operating systems.
  • Malicious actors impersonate recruiters offering fake job opportunities to deliver malware through linked platforms.
  • The malware arsenal includes tools such as BeaverTail, WeaselStore, Tropidoor, TsunamiKit, and AkdoorTea for data theft and persistence.
  • TsunamiKit is a sophisticated toolkit for cryptocurrency theft that dates back to December 2021, predating the campaign.
  • The actors use social engineering and open-source tools, exploiting human vulnerabilities to carry out their operations.

Read More: https://thehackernews.com/2025/09/north-korean-hackers-use-new-akdoortea.html