
Summary:

  • North Korean hackers are pretending to be employers to trick developers into downloading malware during fake job interviews.
  • The malware, BeaverTail and InvisibleFerret, works on both Windows and macOS systems.
  • It can steal passwords and cryptocurrency wallet data, and allow hackers to control infected computers.
  • Fake video conferencing apps are being used to deliver the malware.

Hackers linked to North Korea are using fake job interviews to trick software developers into downloading harmful malware that can infect both Windows and macOS computers. This malware, known as BeaverTail and InvisibleFerret, steals sensitive information and allows remote control of the infected devices.

The hacking campaign, called "Contagious Interview," was first discovered by Palo Alto Networks Unit 42 in November 2023. In this attack, the hackers pretend to be potential employers and reach out to developers on job search platforms. They invite the victims to online interviews and convince them to download what appears to be coding tasks but is actually malware.


The first piece of malware, BeaverTail, steals information and then installs a second, more dangerous piece of malware called InvisibleFerret. Even though the campaign has been exposed, the hackers continue to succeed in tricking developers into downloading these harmful files.

Recent analysis by cybersecurity experts Patrick Wardle and Group-IB reveals that hackers have used fake video conferencing apps, posing as well-known platforms like MiroTalk and FreeConference.com, to spread this malware. These fake apps, built using the Qt framework, work on both Windows and macOS. Once installed, the malware can steal browser passwords, cryptocurrency wallet details, and other sensitive data.

The BeaverTail malware not only sends stolen data to the hackers but also installs InvisibleFerret, which allows them to control the infected computer remotely, track keystrokes, and steal even more information. It also collects browser credentials and credit card details, making the attack especially dangerous.

Experts believe the hackers may be motivated by financial gain, as BeaverTail can steal data from 13 different cryptocurrency wallets. North Korean hackers are known for carrying out cybercrimes to raise money for the country's regime.

Cybersecurity experts advise developers to be cautious about accepting files or software during interviews, especially from unknown or suspicious sources.

By Sanket

Sanket is a tech writer specializing in AI technology and tool reviews. With a knack for making complex topics easy to understand, Sanket provides clear and insightful content on the latest AI advancements. His work helps readers stay informed about emerging AI trends and technologies.
