Security News > 2023 > March > Security researchers targeted with new malware via job offers on LinkedIn
A suspected North Korean hacking group is targeting security researchers and media organizations in the U.S. and Europe with fake job offers that lead to the deployment of three new, custom malware families.
Mandiant says the particular group has previously targeted tech firms, media groups, and entities in the defense industry.
One of the lures shared by Mandiant impersonates the New York Times, as shown below.
TouchShift then loads another screenshot utility called "TouchShot," a keylogger named "TouchKey," a tunneller named "HookShot," a new loader named "TouchMove," and a new backdoor named "SideShow."
North Korean hackers previously targeted security researchers involved in vulnerability and exploit development by creating fake online social media personas that pretended to be vulnerability researchers.
These personas would then contact other security researchers about potential collaboration in vulnerability research.
News URL
Related news
- Vultur banking malware for Android poses as McAfee Security app (source)
- Winnti's new UNAPIMON tool hides malware from security software (source)
- Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws (source)
- Researchers sinkhole PlugX malware server with 2.5 million unique IPs (source)