BlockBeats News, June 6th: The latest intelligence from the SlowMist Security Team shows that the North Korean Lazarus hacking group is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency and financial professionals.
The tactics include staging fake high-paying job interviews or investor talks, using deepfake videos to impersonate the recruiting party, and disguising malware as "programming test questions" or "system update packages."
The targets for theft include browser-stored login credentials, passwords and digital certificates in the macOS Keychain, as well as cryptocurrency wallet information and private keys.
SlowMist advises remaining vigilant against unsolicited job or investment invitations, using multi-factor authentication for remote interviews, avoiding running executable files of unknown origin (especially those disguised as "technical test questions" or "update patches"), strengthening endpoint defense (EDR), deploying antivirus software, and regularly checking for unusual processes.