Lazarus Hackers Targeting Job Seekers with JavaScript Malware

Home/Compromised, Exploitation, malicious cyber actors, Malware, Security Advisory, Security Update/Lazarus Hackers Targeting Job Seekers with JavaScript Malware

Lazarus Hackers Targeting Job Seekers with JavaScript Malware

Lazarus Group, a notorious North Korean-linked hacker group active since 2010, has intensified its attacks in 2024. Group-IB researchers found Lazarus abusing Contagious Interview campaigns using BeaverTail malware and the InvisibleFerret backdoor.

Originally a JavaScript threat, BeaverTail now targets macOS, Windows, and Python. New malicious repositories linked to Lazarus have also surfaced on code-sharing platforms.

Lazarus Hackers Targeting Job Seekers

Lazarus has expanded its tactics to target blockchain professionals, now using platforms like WWR, Moonlight, and Upwork to initiate contact and move conversations to Telegram. Key attack methods include fake video conferencing apps and trojanized Node.js projects.

The group’s main malware, “BeaverTail,” poses as a legitimate Qt6-based app called FCCCall, allowing hackers to steal browser credentials and cryptocurrency wallet data.

BeaverTail malware creates a hidden .n3 folder to temporarily store stolen data before sending it to a command-and-control (C2) server using the multipart/form-data MIME type.

Lazarus has deployed a cross-platform Python backdoor, “InvisibleFerret,” allowing remote control, keystroke logging, and browser data theft, according to Group-IB. The group also improved JavaScript obfuscation by hiding code in library files with large blank spaces or pushing it far from the main content.

Lazarus has added intermediate systems and CivetQ, a set of Python scripts for various malicious tasks. They now target 74 more extensions, including authenticators and password managers. New persistence methods include unattended AnyDesk access and data exfiltration via FTP and Telegram, with data sent zipped and XOR-encoded. These strategies, aimed at cryptocurrency theft and sustained access, make Lazarus one of the most dangerous cyber threats today.

Recommendations:

  1. Be Cautious: Avoid downloading or opening .exe files from recruiters.
  2. Verify: Check the legitimacy of companies and recruiters before interacting.
  3. Be Wary: Do not click on suspicious email links or open attachments.
  4. Scan Files: Use updated antivirus software to scan all files.
  5. Enhance Security: Utilize advanced threat intelligence solutions.
  6. Protect Your Brand: Implement Digital Risk Protection to prevent brand impersonation.
By | 2024-10-22T23:21:19+05:30 September 5th, 2024|Compromised, Exploitation, malicious cyber actors, Malware, Security Advisory, Security Update|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!