Address
5F, 526 Nonhyeon-ro,
Gangnam-gu, Seoul, Korea

North Korean hackers are distributing a new malware called “COVERTCATCH” via LinkedIn. The attacks are disguised as job ads and target developers, specifically those in the Web3 and cryptocurrency sectors.
The cyber attack takes place in the following order: a hacker posing as a “recruiter” on LinkedIn approaches the victim and sends a ZIP file disguised as a Python coding test. Running the file installs the COVERTCATCH malware on the macOS system, which is the first step in gaining long-term access to the system.
These attacks are part of a broader cyberattack strategy by North Korean hackers, who have used similar tactics in the past to carry out the “Dream Job” and “Contagion Interview” operations. They have also been involved in software supply chain attacks, targeting companies like 3CX and JumpCloud.
The FBI has warned of a surge in attacks on the cryptocurrency industry from North Korea, saying they are using highly sophisticated social engineering campaigns to lure victims.
Experts are advising developers, especially those in the crypto and Web3 industry, to be wary of job offers on LinkedIn, and advising companies to invest in threat detection tools and strengthen training programs for their employees.
This case is a reminder of the importance of cybersecurity and the dangers of social engineering attacks, and emphasizes the necessity for both individuals and businesses to be more vigilant in their online activities.