
Topic: [Read]: OtterCookie malware targets BTC and ETH in a fake job interview campaign

sr. member
Activity: 840
Merit: 437
A new malware variant has been found, and it's called OtterCookie.

And it's reported to be created, again, by the state-sponsored North Korean hacker group. This time, the targets are software developers, approached with a fake interview. The threat actor will ask these developers to download and execute code, and once it's installed on your personal machine or laptop, it will extract information including Bitcoin and Ethereum private keys.

Here are the snippets of the code:

https://jp.security.ntt/tech_blog/contagious-interview-ottercookie

Initially, though, it seems that the North Koreans are targeting Japan; nevertheless, we all know that they have attacked a lot this year, including the latest one where the crypto exchange DMM Bitcoin suffered a $305M hack.

So if you are a software developer, you need to be very careful about certain individuals asking you to download something before the job interview, as it might contain malware that steals your crypto wallet.

This is uncalled for. I don't know what they stand to gain from cheating others; those who are genuinely seeking a job end up being scam victims. My advice on this is that we should not use a device which contains our wallet for internet connection or for running any other activities that require internet connectivity or a program. This is just to help maintain a secure environment for the use of our wallet and our crypto assets; that is why most will prefer using a wallet on an air-gapped device. It's part of taking security measures against any related forms of attack.
legendary
Activity: 2576
Merit: 1655
Classic scam attempt. They do this even with non-technical jobs, by sending fake links to an interview chat or fake company details to get access to your computer.

Also, having your private keys stored on your device is even safe at first; they should be kept offline, including those of your password managers and the like. Although the cautiousness of verifying the employer's legitimacy cannot be overemphasized.
I'm sure you meant to say it's "not" even safe... Private keys are a hassle to manage and one is prone to making mistakes. Best to back up with a recovery phrase, which is easier to duplicate and store.

Another thing worth mentioning here is that it not only scans for your private keys, but also has the ability to scan images with OCR. So if by chance some of us have taken a picture of our private keys and stored it on the machine that we are using for our jobs, this malware has the capability to see it as well, convert your image to text, and then steal your private keys.

Attacks have been getting smarter and smarter, and with that, crypto enthusiasts should also be self-aware, and we should re-learn all the tools on how to protect our assets from these criminals.

And thanks to the OP for bringing this up.
hero member
Activity: 770
Merit: 536
Hope Jeremiah 17vs7
Also, having your private keys stored on your device is even safe at first; they should be kept offline, including those of your password managers and the like. Although the cautiousness of verifying the employer's legitimacy cannot be overemphasized.
I'm sure you meant to say it's "not" even safe... Private keys are a hassle to manage and one is prone to making mistakes. Best to back up with a recovery phrase, which is easier to duplicate and store.
Thanks for bringing that to my notice; I have corrected it now.
Indeed, recovery phrases are much easier to store than private keys and also require fewer technicalities, with less tendency to make errors when writing on paper, since a private key is a series of characters while recovery phrases are just 12 to 24 words long, which is easier to write.
legendary
Activity: 2002
Merit: 2534
The Alliance Of Bitcointalk Translators - ENG>SPA
I didn't think this has anything to do with the following case, but I'll mention it just in case: in my country, we receive calls from unknown numbers (as everywhere else, I suppose), and sometimes they don't say a thing, other times they pretend to be from your ISP, and the latest trend is to hear a voice saying: "We are calling you from (XXXX) Human Resources...".

I have never kept listening, and none of my relatives or friends have either, but I think that they'll simply try to steal your personal data, thanks to the desperation of unemployed people.

But after reading this news, perhaps this is another way to cheat us; if not yet, maybe soon.
legendary
Activity: 2254
Merit: 2406
Playgram - The Telegram Casino
Classic scam attempt. They do this even with non-technical jobs, by sending fake links to an interview chat or fake company details to get access to your computer.

Also, having your private keys stored on your device is even safe at first; they should be kept offline, including those of your password managers and the like. Although the cautiousness of verifying the employer's legitimacy cannot be overemphasized.
I'm sure you meant to say it's "not" even safe... Private keys are a hassle to manage and one is prone to making mistakes. Best to back up with a recovery phrase, which is easier to duplicate and store.
hero member
Activity: 770
Merit: 536
Hope Jeremiah 17vs7
Your working PC, especially if your job may require you to download files from unknown sources, shouldn't have any important files on it; at the very least, these files should be encrypted using a secure encryption technique, and as a software dev this should not be much of a hassle.

Also, having your private keys stored on your device is not even safe at first; they should be kept offline, including those of your password managers and the like. Although the cautiousness of verifying the employer's legitimacy cannot be overemphasized.
hero member
Activity: 2632
Merit: 833
Their distribution method isn't new, although they know a job seeker (usually a desperate one) is more likely to visit a website or download software they don't really know. It's one of the reasons why you shouldn't store cryptocurrency on a device you use for daily or risky tasks.

Yes, I do agree. In any case, let's separate our crypto machines and we might be good. And I know that we have been pitching this in the community, but there could be crypto enthusiasts who still practice having their crypto on the laptop or PC that they use for their jobs.

So this is not new, but it's still a very effective method for these state-sponsored hackers.

And they are really into everything, as these groups are close to half a billion in stolen crypto just this year alone.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Their distribution method isn't new, although they know a job seeker (usually a desperate one) is more likely to visit a website or download software they don't really know. It's one of the reasons why you shouldn't store cryptocurrency on a device you use for daily or risky tasks.