North Korean Hackers Use 11 Malicious npm Packages to Propagate BeaverTail Malware

 

The North Korean threat actors behind the ongoing Contagious Interview campaign are expanding their tentacles on the npm ecosystem by distributing more malicious packages including the BeaverTail malware and a new remote access trojan (RAT) loader. 

“These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation in the threat actors’ obfuscation techniques,” Socket security researcher Kirill Boychenko noted in a report. 

The following packages were downloaded over 5,600 times before being removed: empty-array-validator, twitterapis, debugger-vite, snore-log, core-pino, events-utils, icloud-cod, cln-logger, node-clog, and consolidate-log. 

The announcement comes nearly a month after six npm packages were discovered to be distributing BeaverTail, a JavaScript stealer that can also deploy a Python-based backdoor known as InvisibleFerret. The campaign’s ultimate purpose is to breach developer systems using the premise of a job interview, steal sensitive data,

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: