North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures

Abstract:

Three different families of malware (BeaverTail, InvisibleFerret, and OtterCookie) are being spread by three top cryptocurrency consulting companies (BlockNovas LLC, Angeloper Agency, and SoftGlide LLC) by tricking candidates with potential job interviews. This tactic, known as Contagious Interview, gets candidates to unknowingly download malware while performing their technical coding assessment or fixing a browser issue to enable the activation of cameras during the interview. “The attacks lead to the deployment of a JavaScript stealer and loader called BeaverTail, which is then used to drop a Python backdoor referred to as InvisibleFerret that can establish persistence on Windows, Linux, and macOS hosts. Select infection chains have also been found to serve another malware codenamed OtterCookie via the same JavaScript payload used to launch BeaverTail.” These sites are being run from IP addresses located in Russia and also North Korea. The motivations of these campaigns are twofold: stealing data and financial gain by funneling some of the salaries back to North Korea.

Author:
Ravie Lakshmanan
Year:
2025
MIT Political Science
ECIR
GSS