North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers. Contag

New 'OtterCookie' malware used to backdoor devs in fake job offers

submited by
Style Pass
2024-12-26 20:30:04

North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers.

Contagious Interview has been active since at least December 2022, according to researchers at cybersecurity company Palo Alto Networks. The campaign targets software developers with fake job offers to deliver malware such as BeaverTail and InvisibleFerret.

A report from NTT Security Japan notes that the Contagious Interview operation is now using a new piece of malware called OtterCookie, which was likely introduced in September and with a new variant appearing in the wild in November.

Just like in the attacks documented by Palo Alto Networks' Unit42 researchers, OtterCookie is delivered via a loader that fetches JSON data and executes the ‘cookie’ property as JavaScript code.

NTT says that, even though BeaverTail remains the most common payload, OtterCookie has been seen in some cases either deployed alongside BeaverTail or on its own.

Leave a Comment