SlowMist: North Korea's Lazarus group is using a new type of spyware called OtterCookie to launch targeted attacks against cryptocurrency practitioners

律动BlockBeats|Jun 06, 2025 02:48
According to BlockBeats, on June 6th, the latest intelligence from the SlowMist security team showed that the North Korean Lazarus hacker group is using a new information-stealing Trojan called OtterCookie to launch targeted attacks on cryptocurrency and financial practitioners. Its methods include faking high-paying job interviews and investor negotiations, using deepfake videos to impersonate recruiters, and disguising malicious software as "programming test questions" or "system update packages". The targets of theft include login credentials saved by browsers, passwords and digital certificates in macOS keychains, as well as cryptocurrency wallet information and private keys. SlowMist suggests being cautious of unsolicited job and investment invitations. Remote interviews should be verified through multiple channels, and executable files of unknown origin should not be run, especially so-called "technical test questions" or "update patches". Strengthen endpoint protection (EDR), deploy antivirus software, and regularly check for abnormal processes.