North Korean hackers set up 3 shell companies to scam crypto devs


A subgroup of the North Korean hackers linked to Lazarus has set up three shell companies, two of them in the United States, to deliver malware to unsuspecting users.

The three crypto consulting companies – Blocknovas, Angeloper and SoftGlide – are being used by the North Korean group to distribute malware through fake job interviews, threat intelligence firm Silent Push said in an April 24 report.

Silent Push threat analyst Zach Edwards said in an April 24 post on X that two of the shell companies were registered as legitimate businesses in the United States.

He said: “These websites and a huge network of accounts are being used on hiring/employment sites to deceive people into applying for jobs.”

“During the job application, an error message is displayed when someone tries to record a video introduction. The solution is an easy click, copy and paste, which leads to malware if the unsuspecting developer completes the process.”

During the fake job interview, an error message is displayed that asks the user to click, copy and paste to fix it, which leads to a malware infection. Source: Zach Edwards

Three strains of malware – BeaverTail, InvisibleFerret and OtterCookie – are used, according to Silent Push.

BeaverTail is malware primarily designed to steal information and download further stages of malware. OtterCookie and InvisibleFerret specifically target sensitive information, including crypto wallet keys and wallet data.

Silent Push analysts said in the report that the hackers use GitHub, job listings and freelancer sites to look for victims.

Artificial intelligence used to create fake employees

The ruse also involves the hackers using AI-generated images to create employee profiles for the three front crypto companies, as well as stealing images of real people.

Edwards said: “There are many fake employees and stolen images of real people being used across this network. We have documented some clear fakes and stolen images, but it is very important to appreciate that the impersonation efforts from this campaign are different.”

“In one example, the threat actors took a real picture of a real person and then appeared to have run it through an AI modification tool to create a subtly different version of that same image.”


This malware campaign has been going on since 2024. Edwards says there are two known victims.

Silent Push said the campaign targets developers; one of them reportedly had a MetaMask wallet compromised.

Since then, the FBI has closed at least one of the companies.

“The FBI has seized Blocknovas, but SoftGlide is still live, along with some other infrastructure,” Edwards said.

At least three founders reported in March that they had thwarted an attempt by North Korean hackers to steal sensitive data through fake Zoom calls.

Groups like the Lazarus Group are the main suspects in some of the largest cyber thefts in Web3, including the $1.4 billion Bybit hack and the $600 million Ronin Network breach.
