A subgroup of the North Korea-linked Lazarus hacker organization has been targeting unsuspecting users by setting up three fake crypto consulting companies.
These shell companies, named BlockNovas, Angeloper Agency, and SoftGlide, are designed to distribute malware under the guise of job recruitment, according to a report from Silent Push, a cybersecurity firm, published on April 24.
The malware campaign, orchestrated by the North Korean hacking group known as Contagious Interview, exploits fake job interview processes to lure in victims. Two of the shell companies, BlockNovas and Angeloper Agency, are registered as legitimate businesses in the United States, lending them an air of credibility, which the hackers use to deceive job seekers.
According to Silent Push senior threat analyst Zach Edwards, the recruitment scam operates through websites and a vast network of accounts on popular job and freelancer platforms. When potential victims apply for positions, they encounter an error while recording an introductory video, leading them to click on a malicious link that installs malware such as BeaverTail, InvisibleFerret, and OtterCookie. The scammers enhance their credibility by using AI-generated images of fake employees, some of which are altered photos of real individuals, creating a more convincing front for their sham companies.
Edwards highlighted that the campaign has been running since 2024, resulting in known victims. One developer reported the theft of their MetaMask wallet following a successful attack. The FBI has intervened by shutting down at least one of the fake companies, BlockNovas, but SoftGlide and other related infrastructure remain active.
This malware operation is just the latest in a series of cyber thefts tied to the Lazarus Group, which is known for its involvement in some of the largest hacks in the crypto space, including the $1.4 billion heist from Bybit and the $600 million attack on the Ronin network.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
