Research has found that North Korean cyber criminals tricked unsuspecting ‘candidates’ into downloading fake Windows video conferencing applications which impersonated FreeConference.com. The campaign was labeled ‘Contagious Interview’ after being discovered by analysts.
Discovered by cyber security company ‘Group-IB’, the campaign was reportedly carried out by known threat actor ‘Lazarus’, who has been observed to have run similar operations in the past.
The attacks started through a job search platform, such as LinkedIn or Upwork. The attackers reached out to the intended target to discuss a job opportunity, and invited them to continue the discussion via Telegram. From there, the victim would be asked to download a video conferencing app FreeConference or Node.js for a trial technical task.
Elaborate schemes
Of course, these installers were fake, and the victim unknowingly downloaded malware named BeaverTail, which delivered a backdoor known as InvisibleFerreft, equipped with keylogging, remote control, and browser stealing capabilities. The FBI recently released a statement warning of efforts from North Korean hackers,
“North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets.”
The Lazarus group is infamous and has reportedly been active since 2010. In that time, it has attacked a range of targets, including governments, healthcare, finance, and defense infrastructure.
As always, we recommend only downloading apps from official sources, and verifying the identity of anyone you’re speaking to online. We’ve listed our picks for the best malware removal software to help keep your information safe.
Via The Hacker News
