North Korean Hackers Exploit Fake Job Interviews to Target Developers with Cross-Platform Malware
North Korean-linked cyber baddies have been spotted going after peeps looking for tech jobs with some sneaky malware called BeaverTail and InvisibleFerret. This shady bunch is part of something bigger that Palo Alto Networks' Unit 42 called "Contagious Interview," and they talked about it back in November 2023.
These sketchy folks pretend to be job recruiters on job websites and hit up software developers for fake online interviews. They trick them into installing some really nasty stuff, like the BeaverTail malware, which is like a Trojan horse for computers. It can mess with Windows and Macs, and it's got a buddy named InvisibleFerret that can sneak in too.
Even though everyone knows about it now, they're still at it because it works. They use fake video chat apps that look like the real deal, like MiroTalk and FreeConference.com, to get the malware on the developers' computers.
Some guy named Assaf Dahan, who's big into threat research at Unit 42, says they're still using the same old tricks because they work so well. They play on the fact that job hunters are eager and might not be as careful with their computer security. It's like catfishing, but for stealing your job info and maybe even your Bitcoin wallet password.
The new version of BeaverTail is pretty clever; it uses this Qt thing that lets it go after both Windows and Mac computers. It swipes your browser passwords and crypto wallet deets without changing its main MO. It's like it's got superpowers now.
But wait, there's more! BeaverTail also lets the baddies put in this other malware, InvisibleFerret, that does a bunch of shady stuff like checking out your whole computer, recording what you type, and stealing login info and credit card numbers from your browser. It's like having a creepy hacker ghost in your machine.
Unit 42 thinks these guys might just be in it for the moolah, 'cause BeaverTail is now set to snatch data from 13 different crypto wallets. And we all know North Korea's got a history of using the internet to get some extra cash for their country's piggy bank. Watch out, job hunters! Make sure you don't fall for these tricks.