Lazarus Group's InvisibleFerret Malware

2024-10-14 Hauri ( Document No : DT-20241014-001 )

https://hauri.co.kr/security/security_view.html?intSeq=69&page=1&keyfield=&key=

Attachments

2024-10-14상세분석보고서Lazarus그룹의InvisibleFerret악성코드_1rHxRSQ.pdf (1 MB)


Hauri reports that Lazarus is distributing InvisibleFerret malware through job-task lures aimed at job seekers, continuing to abuse GitHub repositories while changing obfuscation methods and adding keylogging capability. The analyzed downloader retrieves and executes Backdoor, InfoStealer, and Keylogger components, attempts to install missing Python dependencies, and supports Windows and Linux payload execution while handling macOS differently. The activity aligns with DPRK Contagious Interview-style operations in which fake hiring workflows deliver cross-platform malware to collect credentials, browser data, and other victim information.

Indicators of Compromise

