CyberSecurity SEE

Lazarus Group Targets Blockchain Professionals with Phony Video Conferencing, Job Scam

Group-IB has published a new report shedding light on the activities of the North Korean Lazarus Group, specifically their latest campaign, known as “Eager Crypto Beavers.” This group, notorious for its ties to the North Korean government, has been using advanced tactics to carry out financially motivated cyberattacks.

The campaign, named “Contagious Interview,” is designed to lure victims with fake job offers, targeting blockchain professionals and developers. The victims are tricked into downloading a malicious Node.js project containing the BeaverTail malware, which then deploys a Python backdoor called InvisibleFerret to steal sensitive data. Moreover, the Lazarus Group has expanded its methods by using fraudulent video conferencing applications like “FCCCall” to distribute malware through cloned websites.

According to the report, the Lazarus Group has been utilizing various platforms such as job portals like WWR, Moonlight, and Upwork, as well as LinkedIn to carry out their attacks. Additionally, the group has been manipulating victims through platforms like Telegram and injecting malicious JavaScript into gaming and cryptocurrency projects on GitHub. The use of fraudulent video conferencing applications like “FCCCall” has become a common tactic for the Lazarus Group to install malware like BeaverTail, which targets not only Windows but also macOS devices.

The malware employed by the group, BeaverTail, contains obfuscated code that fetches additional threats from command-and-control (C2) servers, making it challenging to detect. Furthermore, BeaverTail’s Python version and another tool called CivetQ enable remote access via AnyDesk and ensure persistence across Windows, macOS, and Linux systems. The group has also expanded its data theft targets to include browser extensions, password managers, and even Microsoft Sticky Notes, using FTP and Telegram as exfiltration points for stolen data.
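
For the malicious Node.js project lure and the obfuscated code described above, the following added example (not from Group-IB's report or from this article) statically triages a downloaded project before anything is installed or run. The rule names, thresholds and sample files are assumptions made for illustration; they are generic obfuscation heuristics, not BeaverTail signatures.

```javascript
// Added example: static triage of an untrusted Node.js project, run BEFORE
// `npm install` or `node`. Input is a map of relative path -> file text.
// Rules and thresholds are assumed generic heuristics, not BeaverTail signatures.

const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

const JS_RULES = [
  // Many _0x... names are typical of automated JavaScript obfuscators.
  { id: "hex-identifiers", hit: (s) => (s.match(/\b_0x[0-9a-f]{4,}\b/g) || []).length >= 20 },
  // Packed payloads are often shipped as a single enormous line.
  { id: "very-long-line", hit: (s) => s.split("\n").some((l) => l.length > 2000) },
  // Runtime code generation is a common way for a loader to run fetched code.
  { id: "dynamic-eval", hit: (s) => /\beval\s*\(|\bnew\s+Function\s*\(/.test(s) },
];

function triageProject(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (/(^|\/)package\.json$/.test(path)) {
      let pkg;
      try {
        pkg = JSON.parse(text);
      } catch {
        findings.push({ path, rule: "unparseable-manifest" });
        continue;
      }
      // Scripts that npm runs automatically during `npm install`.
      const scripts = (pkg && pkg.scripts) || {};
      for (const hook of LIFECYCLE_HOOKS) {
        if (typeof scripts[hook] === "string") {
          findings.push({ path, rule: "lifecycle-script", detail: `${hook}: ${scripts[hook]}` });
        }
      }
    } else if (/\.[cm]?js$/.test(path)) {
      for (const rule of JS_RULES) {
        if (rule.hit(text)) findings.push({ path, rule: rule.id });
      }
    }
  }
  return findings;
}

// Constructed sample project (harmless content, not taken from any real sample).
const SAMPLE_PROJECT = {
  "package.json": JSON.stringify({ name: "demo", scripts: { postinstall: "node scripts/setup.js", test: "jest" } }),
  "scripts/setup.js": Array.from({ length: 25 }, (_, i) => `var _0x${(0x1a2b + i).toString(16)} = ${i};`).join(" "),
  "src/index.js": "module.exports = (a, b) => a + b;\n",
};

for (const f of triageProject(SAMPLE_PROJECT)) console.log(`${f.path}: ${f.rule} ${f.detail || ""}`);
```

A finding is a reason to read the flagged file in an isolated environment before installing, not a verdict; a clean result does not show the project is safe.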

This escalation in cyber activity by the Lazarus Group is not surprising, given their history of funding the North Korean economy through cyberattacks. This serves as a reminder of the significant threat posed by cyberattacks to both companies and individuals. It underscores the importance of implementing cybersecurity training in businesses and schools, as well as staying vigilant and using common sense to avoid falling victim to scams that seem too good to be true.

In light of these developments, it is crucial for individuals and organizations to remain proactive in their cybersecurity measures to protect themselves from such sophisticated cyber threats. Collaboration between cybersecurity experts, law enforcement agencies, and technology companies is essential to combat the evolving tactics of threat actors like the Lazarus Group. By staying informed and implementing best practices in cybersecurity, individuals can reduce their risk of falling prey to malicious activities online.
