The North Korean threat actors behind the ongoing Contagious Interview campaign are expanding their tentacles on the npm ecosystem by distributing more malicious packages including the BeaverTail malware and a new remote access trojan (RAT) loader.
“These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation in the threat actors’ obfuscation techniques,” Socket security researcher Kirill Boychenko noted in a report.
The following packages were downloaded over 5,600 times before being removed: empty-array-validator, twitterapis, debugger-vite, snore-log, core-pino, events-utils, icloud-cod, cln-logger, node-clog, and consolidate-log.
The announcement comes nearly a month after six npm packages were discovered to be distributing BeaverTail, a JavaScript stealer that can also deploy a Python-based backdoor known as InvisibleFerret. The campaign’s ultimate purpose is to breach developer systems using the premise of a job interview, steal sensitive data,
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: