North Korean hackers set up 3 shell companies to scam crypto devs
A subgroup of the North Korea-linked hacker group Lazarus established three shell companies, two of them based in the United States, to distribute malware under the guise of offering crypto consulting services. The companies (BlockNovas, Angeloper Agency, and SoftGlide) trick job applicants through fake interviews. During a video application process the applicant is shown an error message and prompted to click a supposed fix, which leads to a malware download. The malware used, including BeaverTail, OtterCookie, and InvisibleFerret, targets sensitive information such as cryptocurrency wallet keys. The hackers use AI-generated images to create fake employee profiles and have been spotted using various platforms to lure victims. Silent Push security analysts reported ongoing activity from these campaigns since 2024, and the FBI has taken down at least one of the companies. Crypto developers are among the known victims, and high-profile cyber thefts in the blockchain space have been linked to similar groups.