Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware

2025-04-24, Silentpush
https://www.silentpush.com/blog/contagious-interview-front-companies/
#BeaverTail #ContagiousInterview #InvisibleFerret #OtterCookie #FamousChollima #ClickFix

Contents

Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware: BeaverTail, InvisibleFerret, and OtterCookie
Key findings
- Silent Push Threat Analysts have uncovered three cryptocurrency companies that are actually fronts for the North Korean advanced persistent threat (APT) group Contagious Interview: BlockNovas LLC, Angeloper Agency, and SoftGlide LLC.
- Our malware analysts confirmed that three malware strains, BeaverTail, InvisibleFerret, and OtterCookie, are being delivered to unsuspecting cryptocurrency job applicants via “interview malware lures”.
- The threat actor heavily uses AI-generated images to create profiles of “employees” for the three front crypto companies, using “Remaker AI” (remaker[.]ai) for some of the AI images.
- As part of the crypto attacks, the threat actors make heavy use of GitHub, job-listing websites, and freelancer websites.
Executive Summary
Silent Push Threat Analysts recently identified and mapped out a new campaign linked to the North Korean APT group Contagious Interview. Also known as “Famous …