A recent report highlights OtterCandy, a sophisticated malware family associated with the North Korea-linked group WaterPlum, targeting multiple platforms. The malware’s latest version enhances its data theft, persistence, and anti-forensic capabilities, marking a significant evolution in the group’s intrusion tactics. #WaterPlum #OtterCandy #FamousChollima
Key points
- OtterCandy is a cross-platform malware used for remote access and data theft.
- The malware is attributed to the North Korea-linked group WaterPlum, specifically Cluster B.
- Recent updates have improved OtterCandy’s persistence, data exfiltration, and anti-forensic features.
- OtterCandy communicates with C2 servers via Socket.IO to execute commands and steal information.
- Version 2 of OtterCandy adds more comprehensive data exfiltration and anti-forensic modules compared to earlier versions.