TLDR
- North Korean hackers are targeting non-developer job applicants in the cryptocurrency sector.
- The attackers use BeaverTail and InvisibleFerret malware to steal login credentials and crypto wallets.
- Both macOS and Windows users are advised to avoid suspicious downloads from GitHub and Vercel.
- The malware is disguised as a fix for fake microphone or camera errors during video recording.
- North Korean hackers have shifted their focus from developers to non-technical individuals in recent attacks.
North Korean hackers have intensified their attacks on the cryptocurrency sector by targeting non-developer job applicants. The hackers use two malware programs, BeaverTail and InvisibleFerret, to steal login credentials and crypto wallets. Both macOS and Windows users are advised to be cautious of suspicious downloads, particularly from GitHub or Vercel.
North Korean Malware Steals Crypto Data Quietly
North Korean hackers exploit job applicants by luring them into downloading fake software. Victims are tricked into running commands presented as a fix for fake microphone or camera errors. These deceptive commands install the malicious payloads, BeaverTail and InvisibleFerret, on the victim’s system.
Once installed, these malware programs begin collecting sensitive data, including login information and cryptocurrency wallets.
“The malware operates quietly and can evade detection by blending in with seemingly harmless files,” cybersecurity experts warn.
This marks a significant shift: North Korean hackers previously targeted developers but now focus on less tech-savvy individuals.
Changpeng Zhao Warns of Rising Cyber Threats
The recent attacks using BeaverTail have drawn attention due to their connection with North Korean hackers. IP addresses linked to the hermit kingdom have been identified in association with the malware. Former Binance CEO Changpeng Zhao recently alerted the public to the increasing use of deceptive tactics, with hackers posing as job candidates and employers.
As the malware evolves, it becomes harder to detect. Many of the malicious files are hidden in password-protected containers, further complicating efforts to stop the attacks. The cryptocurrency sector must remain vigilant as North Korean hackers continue to expand their tactics.