North Korean Hackers Update BeaverTail Malware to Target MacOS Users
![North Korean Hackers Update BeaverTail Malware to Target MacOS Users](/static/build/img/news/north-korean-hackers-update-beavertail-malware-to-target-macos-users-medium.jpg)
BeaverTail refers to a JavaScript stealer malware that was first documented by Palo Alto Networks Unit 42 in November 2023 as part of a campaign dubbed Contagious Interview that aims to infect software developers with malware through a supposed job interview process.
Securonix is tracking the same activity under the moniker DEV#POPPER. Besides siphoning sensitive information from web browsers and crypto wallets, the malware is capable of delivering additional payloads like InvisibleFerret, a Python backdoor that's responsible for downloading AnyDesk for persistent remote access.
While BeaverTail has been distributed via bogus npm packages hosted on GitHub and the npm package registry, the latest findings mark a shift in the distribution vector.
"The North Korean hackers are a wily bunch and are quite adept at hacking macOS targets, even though their techniques often rely on social engineering," Wardle said.
The package, suspected to be the work of the North Korea-linked Lazarus Group and unpublished about an hour and a half after it was uploaded to npm, attracted a total of 18 downloads.
"These packages, once installed, would download a remote file, decrypt it, execute an exported function from it, and then meticulously cover their tracks by deleting and renaming files," the software supply chain security company said.
News URL
https://thehackernews.com/2024/07/north-korean-hackers-update-beavertail.html