
Hacker Hacker New:You Know Lazarus Group

26.04.2025

By TheNaethPublished 9 months ago 3 min read

1-North Korean hackers use phony cryptocurrency companies and job interview lures to distribute malware.

The North Korea-linked threat actors behind the Contagious Interview campaign have set up front companies as a way of distributing malware while offering bogus employment opportunities.

"In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry—BlockNovas LLC (blocknovas[.]com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co)—to spread malware via 'job interview lures'," according to a comprehensive analysis conducted by Silent Push.

According to the cybersecurity company, the activity is being used to distribute three already-known malware families: BeaverTail, InvisibleFerret, and OtterCookie.

North Korea has run a number of job-themed social engineering campaigns to lure targets into downloading cross-platform malware, either under the pretext of a coding assignment or by asking them to fix a supposed problem with their browser when turning on the camera during a video assessment. One of these campaigns is called Contagious Interview.

The wider cybersecurity community tracks the activity under the monikers CL-STA-0240, DeceptiveDevelopment, DEV#POPPER, Famous Chollima, UNC5342, and Void Dokkaebi.

The use of front companies to spread malware, combined with fake profiles on social networking sites such as Facebook, LinkedIn, Pinterest, X, Medium, GitHub, and GitLab, represents a new level of sophistication for threat actors already known to use a variety of job boards to entice victims.

"The BlockNovas front company has 14 people allegedly working for them, however many of the employee personas [...] appear to be fake," the Silent Push spokesperson said. "When viewing the 'About Us' page of blocknovas[.]com via the Wayback Machine, the group claimed to have been operating for '12+ years' – which is 11 years longer than the business has been registered."

2-The Reasons Why NHIs Are the Most Dangerous Blind Spot in Cybersecurity

When identity comes up in a cybersecurity discussion, most people think of usernames, passwords, and the occasional multi-factor authentication prompt. Yet a growing threat involves no human credentials at all: Non-Human Identities (NHIs) are growing exponentially, and while this threat lies beneath the surface, it is becoming more apparent.

When NHIs are mentioned, most security teams think first of service accounts. NHIs go well beyond that, however. They also include Service Principals, Snowflake Roles, IAM Roles, and platform-specific constructs in Amazon Web Services, Microsoft Azure, Google Cloud Platform, and others. In fact, NHIs vary as much as the services and environments that make up your technology stack, and managing them effectively requires an awareness of that variability.

What poses the greatest threat is the way these identities are authenticated.

The attacks lead to the deployment of a JavaScript stealer and loader known as BeaverTail, which is then used to install a Python backdoor known as InvisibleFerret capable of establishing persistence on Windows, Linux, and macOS hosts. Some infection chains have also been observed serving additional malware known as OtterCookie via the same JavaScript payload used to launch BeaverTail.

BlockNovas has also been observed using video assessments to distribute FROSTYFERRET and GolangGhost through ClickFix-style lures, a tactic described earlier this month by Sekoia, which tracks the activity under the name ClickFake Interview.

3-Five Reasons Why Device Management Is Not the Same as Device Trust

- MDM and EDR systems manage and secure enrolled, controlled devices. They cannot monitor or control unmanaged devices such as personal computers, phones, contractor devices, and business partner devices. These devices still access corporate resources, and because they are unmanaged they pose a serious concern. They may violate the organization's security policies (no disk encryption, no local biometric, not updated in three years, and so on), but you have no security footprint on them, making them attractive entry points for attackers.

- Linux and ChromeOS support is typically poor or nonexistent in MDM and EDR products built for Windows and macOS. This gap puts enterprises at risk, particularly those whose software developers and system administrators work across several operating systems.

- MDM and EDR products usually operate independently of access management systems, keeping device security and access controls separate. Even if your MDM or EDR flags a questionable endpoint activity, event, or behavior, your access management solution cannot use that signal to make real-time resource access decisions.
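As an added illustration of the last two points (example code written for this post, not code from the Hacker News article), here is an access check that consumes device posture signals, including the ones the first bullet lists, and treats an unmanaged or unsupported device as "unknown" rather than trusted. The posture fields, the 90-day patch threshold and the sample devices are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class DevicePosture:
    """Signals an access-management system would need from MDM/EDR.
    None means 'unknown': no agent on the device can report it."""
    device_id: str
    os: str
    managed: bool                      # enrolled in MDM/EDR?
    disk_encrypted: Optional[bool]
    biometric_enabled: Optional[bool]
    last_update: Optional[date]
    edr_alert: bool = False            # EDR flagged suspicious activity

MAX_PATCH_AGE = timedelta(days=90)    # assumed policy threshold

def evaluate_access(p: DevicePosture, today: date) -> tuple:
    """Return (verdict, reasons). Hard failures deny; unknown posture
    (typically an unmanaged or unsupported-OS device) is restricted,
    not trusted by default; only fully evidenced devices are allowed."""
    deny, unknown = [], []
    if p.edr_alert:
        deny.append("EDR flagged suspicious activity")
    if p.disk_encrypted is False:
        deny.append("disk not encrypted")
    elif p.disk_encrypted is None:
        unknown.append("disk encryption unknown")
    if p.biometric_enabled is False:
        deny.append("no local biometric")
    elif p.biometric_enabled is None:
        unknown.append("biometric status unknown")
    if p.last_update is None:
        unknown.append("patch level unknown")
    elif today - p.last_update > MAX_PATCH_AGE:
        deny.append(f"not updated for {(today - p.last_update).days} days")
    if not p.managed:
        unknown.append("unmanaged: no MDM/EDR footprint")
    if deny:
        return "deny", deny
    if unknown:
        return "restrict", unknown
    return "allow", []

TODAY = date(2025, 4, 26)   # constructed: the post's date
SAMPLES = [                 # constructed devices, not real inventory
    DevicePosture("corp-win-01", "windows", True, True, True, date(2025, 4, 10)),
    DevicePosture("contractor-linux", "linux", False, None, None, None),
    DevicePosture("corp-mac-07", "macos", True, True, True, date(2025, 4, 20), edr_alert=True),
    DevicePosture("old-laptop", "windows", True, True, True, date(2022, 3, 1)),
]
```

Running `evaluate_access` over `SAMPLES` yields allow, restrict, deny and deny respectively; the contractor's Linux box is restricted purely because nothing on it can report posture, which is the gap the bullets describe.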

References

https://thehackernews.com/2025/04/5-reasons-device-management-isnt-device.html

https://thehackernews.com/2025/04/why-nhis-are-securitys-most-dangerous.html

https://thehackernews.com/2025/04/north-korean-hackers-spread-malware-via.html


About the Creator

TheNaeth

Sometimes Poet,Broker And Crypto Degen

Horror Storyteller
