North Korean hackers set up 3 shell companies to scam crypto devs
A subgroup of the North Korea-linked hacker organization Lazarus has established three shell companies, including two in the US, to distribute malware through fake job interviews. The companies—BlockNovas, Angeloper Agency, and SoftGlide—are used by the group Contagious Interview to trick users into downloading malware during the application process. Three malware strains are involved: BeaverTail, which targets information theft, and OtterCookie and InvisibleFerret, which focus on sensitive data like crypto wallet keys. Hackers utilize AI-generated images to create fake employee profiles and steal real individuals' images. The campaign has been active since 2024, with known victims including a developer whose MetaMask wallet was compromised. The FBI has shut down at least one of the companies, but others remain operational. Lazarus Group is implicated in major cyber thefts in the crypto sector.
