NEWS Lazarus Hackers Target Crypto Job Seekers with New Malware

ExcalibuR


Hackers are luring job seekers into interviews by convincing them to install a special communication program that contains malicious code. OtterCookie can extract stored browser credentials, passwords, digital certificates, and private keys from cryptocurrency wallets. Attackers steal users’ sensitive data, with macOS devices being especially vulnerable to data extraction.

Analysts at SlowMist noted that this tactic is becoming increasingly popular among hackers—they are now less likely to conduct large-scale exploits and instead prefer more sophisticated social engineering methods. SlowMist reported that the North Korean hacker group Lazarus may be behind OtterCookie. In February, the group carried out the largest-ever crypto exchange hack on Bybit, with estimated losses of $1.5 billion.

SlowMist security experts urged cryptocurrency professionals to exercise caution when receiving job or investment offers, especially if prospective employers ask them to download any files during video calls. Users should not run unknown files, especially if they are presented as “technical issues” or “update packages.” They also recommend using antivirus software and regularly checking systems for suspicious activity.

In recent months, Lazarus hackers have increasingly targeted developer environments and wallet infrastructure, including Solana and Exodus. In April, the Federal Bureau of Investigation (FBI), with the help of cybersecurity company Silent Push, blocked a fake website belonging to the fictitious company Blocknovas, which had been registered by the hackers in the U.S.
 
