Slow Fog: North Korea's Lazarus is using a new type of spying Trojan called OtterCookie to launch targeted attacks against encryption practitioners.

On June 6, the latest intelligence from the SlowMist security team revealed that the North Korean Lazarus hacking group is using a new secret-stealing Trojan called OtterCookie to launch targeted attacks on cryptocurrencies and financial practitioners. Tactics include faking high-paying job interviews/investor interviews, using deepfake (Deepfake) videos to impersonate recruiters, and disguising malware as "coding quizzes" or "system update packages." Targets include browser-saved login credentials, passwords and digital certificates in macOS Keychain, and encrypted wallet information and private keys. SlowMist recommends that you be vigilant about unsolicited job offers/investment offers, require multiple verifications for remote interviews, do not run executable files from unknown sources, especially the so-called "technical test questions" or "update patches", strengthen the terminal protection (EDR), deploy antivirus software, and regularly check for abnormal processes.