Carding Forum
How can a simple job interview turn into a data theft operation?
Cybersecurity researchers at Objective-See discovered an updated version of a well-known malware linked to hackers from North Korea, which is used for cyber espionage targeting job seekers.
The malicious file identified by experts is an Apple macOS disk image (DMG) called "MiroTalk.dmg". It mimics a legitimate video calling service, but actually serves to deliver malware called BeaverTail, said security researcher Patrick Wardle.
BeaverTail is a JavaScript malware first documented by Palo Alto Networks in November 2023. The malware was identified as part of an investigation into a malicious campaign called Contagious Interview, aimed at infecting software developers through a fictitious interview process. Securonix tracks similar activity under the name DEV#POPPER.
In addition to stealing confidential information from web browsers and cryptocurrency wallets, BeaverTail can deliver additional malicious components, such as InvisibleFerret, a Python backdoor that AnyDesk downloads for permanent remote access to the target system.
Previously, BeaverTail was distributed through fake packages hosted on GitHub and in the npm registry. The new data shows a change in the propagation vector. "It is likely that hackers from North Korea invited their potential victims to join the interview by downloading and running an infected version of MiroTalk hosted on mirotalk[.]net," Wardle suggested.
Analysis of the DMG file revealed that it steals data from cryptocurrency wallets, iCloud keychains, and browsers such as Google Chrome, Brave, and Opera. It also downloads and executes additional Python scripts from a remote server.
"North Korean hackers are adept and quite skilled at attacking macOS, although their methods are often based on social engineering and technically unimpressive," Wardle said.
This malicious campaign highlights the importance of vigilance in the digital world, especially when looking for a job, because attackers are constantly improving their methods, using people's trust and desire for employment.
To protect yourself, you need to critically evaluate any offers and files related to interviews, and always verify the authenticity of sources before installing software, even if it seems legitimate.