North Korean attackers are deploying COVERTCATCH malware via LinkedIn job scams

Posted by Admin, September 7, 2024
September 7, 2024Ravi LakshmananCyber ​​Security / Malware

Threat actors linked to North Korea have been seen using LinkedIn as a way to target developers as part of a fake job recruitment operation.

These attacks use coding tests as a common initial infection vector, according to a new report by Google-owned Mandiant on the threats facing the Web3 sector.

“After the initial chat, the attacker sent a ZIP file containing the COVERTCATCH malware disguised as a Python coding problem,” said researchers Robert Wallace, Blas Kojusner and Joseph Dobson.

The malware functions as a launch pad to compromise a target’s macOS system by downloading a second-stage payload that provides persistence via Launch Agents and Launch Daemons.

This is one of several activity clusters (Operation Dream Job, Contagious Interview, and others) in which North Korean hacking groups use work-related lures to infect targets with malware.

Recruitment-themed lures have also been a common distribution tactic for malware families such as RustBucket and KANDYKORN.

Mandiant said it observed a social engineering campaign that delivered a malicious PDF disguised as a job description for a “Vice President of Finance and Operations” at a prominent cryptocurrency exchange.

“The PDF malware released a second-level malware known as RustBucket, which is a backdoor written in Rust that supports file execution.”

The RustBucket implant is equipped to collect basic system information, communicate with a URL supplied on the command line, and establish persistence through a launch agent masquerading as “Safari Update” that contacts a hard-coded command-and-control (C2) domain.
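The persistence traits described above (a second stage registered as a Launch Agent or Launch Daemon, a label posing as “Safari Update”, a binary staged where a non-admin dropper can write, and a C2 URL on the command line) are what a defender looks for on a macOS endpoint. The script below is an added example, not code from this article or from Mandiant's report: it parses launchd plists with Python's standard `plistlib`, scores each one against those traits, and can walk the standard LaunchAgent/LaunchDaemon directories. The heuristics, the list of staging directories, the score threshold and the two embedded sample plists are my own assumptions and constructed data, not artifacts from the campaign.

```python
"""Triage macOS launchd persistence entries (LaunchAgents / LaunchDaemons).

Added example: heuristics for plists shaped like the persistence described in
the article. Thresholds, label patterns, staging paths and samples are assumed.
"""
import plistlib
import re
from dataclasses import dataclass
from pathlib import Path
from typing import List, Sequence, Tuple
from xml.parsers.expat import ExpatError

# Directories launchd reads persistence entries from on macOS.
LAUNCHD_DIRS = ("/Library/LaunchAgents", "/Library/LaunchDaemons", "~/Library/LaunchAgents")

# Locations a dropper can write to without admin rights (assumed list).
STAGING_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/", "/private/var/folders/")
# Where binaries behind a genuine com.apple.* label normally live (assumed list).
APPLE_PATHS = ("/System/", "/usr/", "/Library/Apple/")

# Labels that borrow a vendor or browser name, e.g. "Safari Update".
LOOKALIKE = re.compile(r"(safari|apple|xcode|chrome|google)[\s._-]*(update|updater|helper|agent)", re.I)
URL_RE = re.compile(r"https?://\S+")
INTERP_RE = re.compile(r"\b(curl|wget|osascript|python3?|bash|zsh|sh)\b")


@dataclass
class Finding:
    label: str
    program: str
    reasons: List[str]

    @property
    def score(self) -> int:
        return len(self.reasons)


def analyze_plist(data: bytes) -> Finding:
    """Apply the heuristics to one plist (XML or binary) and return every reason it tripped."""
    plist = plistlib.loads(data)
    label = str(plist.get("Label", ""))
    args = [str(a) for a in plist.get("ProgramArguments", [])]
    program = str(plist.get("Program") or (args[0] if args else ""))
    reasons: List[str] = []

    if LOOKALIKE.search(label) and not label.startswith("com.apple."):
        reasons.append(f"label '{label}' imitates a vendor updater but is not an Apple label")
    if label.startswith("com.apple.") and not program.startswith(APPLE_PATHS):
        reasons.append(f"Apple-looking label runs a non-Apple binary: {program}")
    if program.startswith(STAGING_PREFIXES):
        reasons.append(f"binary staged in a user-writable location: {program}")
    if Path(program).name.startswith("."):
        reasons.append(f"hidden executable name: {Path(program).name}")
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        reasons.append("RunAtLoad + KeepAlive: starts at login and is restarted if killed")
    joined = " ".join(args)
    if URL_RE.search(joined):
        reasons.append("URL passed on the command line (possible hard-coded C2 or stager)")
    if INTERP_RE.search(joined):
        reasons.append("interpreter or download tool invoked from ProgramArguments")
    return Finding(label, program, reasons)


def scan_dirs(dirs: Sequence[str] = LAUNCHD_DIRS, min_score: int = 2) -> List[Tuple[str, Finding]]:
    """Walk the launchd directories; return (path, finding) for entries scoring at least min_score."""
    hits: List[Tuple[str, Finding]] = []
    for d in dirs:
        base = Path(d).expanduser()
        if not base.is_dir():
            continue
        for plist_file in sorted(base.glob("*.plist")):
            try:
                finding = analyze_plist(plist_file.read_bytes())
            except (plistlib.InvalidFileException, ExpatError, ValueError, OSError):
                continue  # unreadable or malformed entry; a production tool should log these
            if finding.score >= min_score:
                hits.append((str(plist_file), finding))
    return hits


# Constructed samples (not real malware artifacts) for the stand-alone run.
SAMPLE_SUSPICIOUS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.safari.update</string>
  <key>ProgramArguments</key><array>
    <string>/Users/Shared/.safari_update</string>
    <string>https://c2.example.invalid/beacon</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>
"""

SAMPLE_BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.example.agent</string>
  <key>Program</key><string>/System/Library/CoreServices/example-agent</string>
  <key>RunAtLoad</key><true/>
</dict></plist>
"""

if __name__ == "__main__":
    for name, blob in (("constructed-suspicious", SAMPLE_SUSPICIOUS), ("constructed-benign", SAMPLE_BENIGN)):
        f = analyze_plist(blob)
        print(f"{name}: score={f.score} label={f.label}")
        for r in f.reasons:
            print("   -", r)
    for path, f in scan_dirs():  # live scan of this host's launchd directories
        print(f"{path}: score={f.score}")
        for r in f.reasons:
            print("   -", r)
```

The constructed suspicious plist trips five heuristics (look-alike label, staging directory, hidden binary name, RunAtLoad plus KeepAlive, and a URL on the command line), while the benign one trips none. A single trait is weak evidence on its own, which is why `scan_dirs` reports only entries that accumulate at least two; on a real host, treat a hit as a lead to pull the referenced binary and its code signature, not as a verdict.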

North Korea’s attacks on Web3 organizations also go beyond social engineering to attack software supply chains, as seen in incidents targeting 3CX and JumpCloud in recent years.

“Once a foothold is established with malware, attackers look to password managers to steal credentials, perform internal reconnaissance using code and documentation repositories, and move into cloud hosting environments to discover wallet hotkeys and ultimately drain funds,” Mandiant said.

The disclosure comes amid a warning by the US Federal Bureau of Investigation (FBI) that North Korean threat actors are targeting the cryptocurrency industry with “highly tailored, hard-to-detect social engineering campaigns.”

In this ongoing effort, the actors pose as recruitment firms or as individuals the victim may know personally or indirectly, offering employment or investment. It is seen as a conduit for brazen crypto theft designed to generate illicit income for the hermit kingdom, which has been the subject of international sanctions.

Tactics include identifying cryptocurrency-related companies of interest, conducting extensive pre-operational research on targets before making contact, and crafting personalized fake scenarios to lure potential victims and increase the likelihood that the attack succeeds.

“Actors may refer to personal information, interests, affiliations, events, personal relationships, professional connections, or details that the victim believes few people know,” the FBI said, highlighting attempts to build relationships and ultimately deliver malware.

“If successful in establishing two-way contact, the original actor or other member of the acting team can spend a lot of time interacting with the victim to increase the sense of legitimacy and engender familiarity and trust.”
