A recent report from Group-IB has drawn attention to the ongoing cyber campaign led by North Korea’s Lazarus Group, referred to as the “Eager Crypto Beavers” initiative. This group utilizes advanced strategies, including deceptive job postings and malicious video conferencing software, to spread malware effectively.
The Lazarus Group, infamous for its affiliations with the North Korean government, is intensifying its financially driven cyber operations, as detailed in Group-IB’s latest findings. The ongoing “Eager Crypto Beavers” campaign employs increasingly sophisticated methods aimed at targeting professionals in the blockchain sector and developers within the cryptocurrency space.
The Contagious Interview Campaign
Among the tactics identified by researchers is a scheme labeled “Contagious Interview,” wherein potential victims are attracted through fraudulent job offers. Job seekers are directed to download a harmful Node.js project harboring a malware variant named “BeaverTail.” This malware subsequently deploys a Python-based backdoor known as “InvisibleFerret,” enabling the theft of sensitive credentials and data.
Additionally, the attackers have broadened their methods to include counterfeit video conferencing applications such as “FCCCall,” which imitate legitimate platforms. These malicious applications are distributed through cloned websites, functioning as delivery vehicles for the BeaverTail malware.
In the report disclosed to Hackread.com, Group-IB highlights that the Lazarus Group’s recent tactics encompass job platforms like WWR, Moonlight, and Upwork, in addition to LinkedIn, as venues for their phishing efforts.
The group further exploits platforms such as Telegram to manipulate victims and injects malicious JavaScript into gaming and cryptocurrency projects hosted on GitHub. It also distributes fraudulent video conferencing applications, including “FCCCall,” to install the BeaverTail malware. Once executed on a Windows system, BeaverTail captures browser credentials and cryptocurrency wallet information before launching the InvisibleFerret malware. It is important to note that BeaverTail also targets macOS devices.
The malicious repositories operated by the group contain obfuscated code designed to pull additional threats from command-and-control servers, complicating detection efforts. BeaverTail’s Python variant, along with a tool known as CivetQ, offers remote access capabilities via AnyDesk and ensures continuity across Windows, macOS, and Linux platforms.
The Lazarus Group has also diversified its targets to include browser extensions, password managers, and Microsoft Sticky Notes, exfiltrating stolen data through FTP and Telegram. Key indicators of compromise in these attacks include command-and-control endpoints for malware downloads and unique file signatures that can be monitored.
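The delivery vector described above is a Node.js “test project” that runs code on install and hides its loader behind obfuscation. The following is an added, defender-side triage script (not from the report or from Hackread.com) that scores an untrusted project for exactly those traits before `npm install` is ever run; the sample project, its hostname and the scoring weights are constructed for illustration.

```python
"""Heuristic triage of an untrusted Node.js project before `npm install`.

Flags traits this campaign relies on: lifecycle hooks that execute on install,
hex-escaped (obfuscated) JavaScript strings, dynamic evaluation, shell spawning
and hard-coded remote loaders. Weights and threshold are illustrative only.
"""
import json
import re

# indicator -> (regex, weight); each indicator is capped at 3 hits when scored
INDICATORS = {
    "lifecycle_hook": (r'"(pre|post)install"\s*:', 3),
    "dynamic_eval": (r"\b(eval|Function)\s*\(", 2),
    "hex_strings": (r"(\\x[0-9a-fA-F]{2}){8,}", 2),
    "child_process": (r"child_process|execSync", 2),
    "remote_loader": (r"https?://[^\s'\"]+", 1),
}

def analyze_project(files: dict) -> dict:
    """Return per-indicator hit counts plus a weighted total under 'score'."""
    hits = {name: 0 for name in INDICATORS}
    for content in files.values():
        for name, (pattern, _) in INDICATORS.items():
            hits[name] += len(re.findall(pattern, content))
    hits["score"] = sum(INDICATORS[n][1] * min(c, 3) for n, c in hits.items())
    return hits

def verdict(files: dict, threshold: int = 6) -> str:
    """Coarse decision: block installation when the score reaches the threshold."""
    return "suspicious" if analyze_project(files)["score"] >= threshold else "clean"

# Constructed lure: a postinstall hook plus a loader whose URL is hex-escaped,
# so a plain URL grep alone would miss it (the URL fragment is invented).
SAMPLE_LURE = {
    "package.json": json.dumps({"name": "wallet-demo",
                                "scripts": {"postinstall": "node setup.js"}}),
    "setup.js": ("const _0x1 = '\\x68\\x74\\x74\\x70\\x3a\\x2f\\x2f\\x65\\x78\\x61\\x6d';"
                 "require('child_process').execSync(eval(_0x1));"),
}
# Constructed benign project for comparison.
SAMPLE_BENIGN = {
    "package.json": json.dumps({"name": "hello", "scripts": {"test": "jest"}}),
    "index.js": "module.exports = () => 'hello';",
}

if __name__ == "__main__":
    print("lure:", analyze_project(SAMPLE_LURE))
    print("benign:", verdict(SAMPLE_BENIGN))
```

In practice this is a pre-screen for recruiters' “take-home” repositories, not a replacement for running the project in a throwaway VM and watching for the credential and wallet access the report describes.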
Surprised? Don’t be!
The Lazarus Group has garnered a reputation for helping finance the North Korean regime through cyber thefts amounting to hundreds of millions of dollars, and their adaptation of new tactics should not come as a surprise. This evolving landscape is a stark reminder of the persistent risks posed by cyberattacks, which threaten both organizations and individuals alike.
In light of these growing threats, robust cybersecurity training is imperative for both businesses and educational institutions. Individuals must maintain vigilance and apply common sense in evaluating offers that appear too extraordinary to be genuine.
Source Link: https://hackread.com/lazarus-group-blockchain-fake-video-conferencing-job-scam/