Gate News bot message, Slow Mist's Chief Information Security Officer (CISO) 23pds posted on social media, warning about a new type of attack tool from the Lazarus APT organization — OtterCookie.
Recently, Slow Fog received intelligence that the Lazarus APT (Advanced Persistent Threat) organization is using a new type of information-stealing malware called OtterCookie to launch targeted custom attacks against professionals in the finance and cryptocurrency industries.
Overview of Attack Methods:
• Attackers disguise themselves as well-known companies, luring victims into video calls under the pretense of investment and fake interviews;
• Use deepfake technology to forge the image of investors or interviewers, enhancing deception;
• Inducing victims to download and run malicious programs disguised as "coding challenges" or "video software updates";
•Once executed, the OtterCookie malware begins to steal critical sensitive information.
The targets of theft include:
•Login credentials stored in the browser;
•Passwords and certificates stored in the macOS Keychain;
•Locally stored encrypted assets, wallet information, and private key data.
Safety Recommendations:
•Be cautious of any unverified investment, recruitment requests, or remote interview invitations;
•Do not run binaries from unknown sources, especially so-called "challenge problems" or "upgrade patches";
• Strengthen terminal detection and response capabilities, install necessary antivirus software, and regularly check for abnormal communications and behaviors.
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
Slow Mist CISO: Beware of the new attack tool OtterCookie from the Lazarus APT organization
Gate News bot message, Slow Mist's Chief Information Security Officer (CISO) 23pds posted on social media, warning about a new type of attack tool from the Lazarus APT organization — OtterCookie.
Recently, Slow Fog received intelligence that the Lazarus APT (Advanced Persistent Threat) organization is using a new type of information-stealing malware called OtterCookie to launch targeted custom attacks against professionals in the finance and cryptocurrency industries.
Overview of Attack Methods: • Attackers disguise themselves as well-known companies, luring victims into video calls under the pretense of investment and fake interviews; • Use deepfake technology to forge the image of investors or interviewers, enhancing deception; • Inducing victims to download and run malicious programs disguised as "coding challenges" or "video software updates"; •Once executed, the OtterCookie malware begins to steal critical sensitive information.
The targets of theft include: •Login credentials stored in the browser; •Passwords and certificates stored in the macOS Keychain; •Locally stored encrypted assets, wallet information, and private key data.
Safety Recommendations: •Be cautious of any unverified investment, recruitment requests, or remote interview invitations; •Do not run binaries from unknown sources, especially so-called "challenge problems" or "upgrade patches"; • Strengthen terminal detection and response capabilities, install necessary antivirus software, and regularly check for abnormal communications and behaviors.