According to Odaily, the cybersecurity team at SlowMist has issued a warning about the North Korean hacker group Lazarus, which is employing a new type of malware named OtterCookie to launch targeted attacks on cryptocurrency and financial professionals. The attack strategies include fabricating high-paying job interviews or investor meetings, using deepfake videos to impersonate recruiters, and disguising malware as 'programming tests' or 'system update packages.' The malware aims to steal credentials saved in browsers, passwords and digital certificates from macOS keychains, as well as information and private keys from cryptocurrency wallets.
SlowMist advises maintaining vigilance against unsolicited job offers or investment invitations, ensuring multiple verifications for remote interviews, and avoiding running unknown executable files, particularly those labeled as 'technical tests' or 'update patches.' They recommend strengthening endpoint protection (EDR), deploying antivirus software, and regularly checking for abnormal processes.