Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware

2024-10-09 Palo Alto Networks

https://unit42.paloaltonetworks.com/north-korean-threat-actors-lure-tech-job-seekers-as-fake-recruiters/

DPRK-linked CL-STA-0240 Contagious Interview operators are posing as recruiters on job platforms and social media to push fake video-call applications to technology job seekers. Unit 42 observed newer Qt-based BeaverTail builds for macOS and Windows, including fake MiroTalk and FreeConference installers, that steal browser data and cryptocurrency wallets while connecting to infrastructure such as 95.164.17[.]24:1224. The report also notes continued code changes to BeaverTail and the InvisibleFerret backdoor delivered in the campaign. The activity remains financially relevant because the malware targets cryptocurrency wallets while using hiring workflows as the delivery channel.

Indicators of Compromise

Type Value First Seen Last Seen
IPv4 95.164.17.24 2024-07-15 2026-04-01
IPv4 185.235.241.208 2024-08-13 2025-11-13
