oh, we didn't expect that...
redasgard.com/blog/hunting...
what are your thoughts?
#lazarus #dprk #threatintelligence #malwareanalysis #ottercookie
"Hunting Lazarus Part III: The Infrastructure That Was Too Perfect" published by RedAsgard. #Lazarus, #OtterCookie, #DPRK, #CTI redasgard.com/blog/hunting-lazarus-par...
North Korean hackers are flooding npm with over 200 malicious packages carrying #OtterCookie malware targeting Web3 and blockchain developers via fake job‑screening tools.
Read: hackread.com/nk-hackers-n...
#CyberSecurity #npm #Web3 #Blockchain #Malware #NorthKorea
Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview #npm Attacks
#SocketThreat Research maps a rare inside look at #OtterCookie npm Vercel #GitHub chain, adding 197 malicious packages and evidence of #NorthKorea operators.
socket.dev/blog/north-k...
North Korea infiltrates npm with the Contagious Interview campaign, spreading 197 malicious packages and the OtterCookie malware, hitting Web3 developers in 2025.
#apt #ContagiousInterview #NorthKorea #github #npm #OtterCookie #Socket
www.matricedigitale.it/2025/11/29/c...
North Korean hackers flood npm with 197 malicious packages, spreading advanced OtterCookie malware. Developers, stay alert! #CyberSecurity #Malware #OtterCookie #npm #SupplyChainAttack Link: thedailytechfeed.com/north-korean...
"Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks" published by Socket. #ContagiousInterview, #NPM, #OtterCookie, #DPRK, #CTI socket.dev/blog/north-korea-contagi...
"Famous Chollima Evolves Its Arsenal, Merging BeaverTail and OtterCookie" published by PolySwarm. #BeaverTail, #FamousChollima, #OtterCookie, #DPRK, #CTI blog.polyswarm.io/famous-chollima-evolves-...
North Korean hackers have merged BeaverTail and OtterCookie into advanced JS malware, enhancing their cyber-espionage capabilities. Stay vigilant! #CyberSecurity #Malware #NorthKorea #BeaverTail #OtterCookie Link: thedailytechfeed.com/north-korean...
Watch out as the North Korean hackers from the #FamousChollima group are using fake job offers to spread BeaverTail and OtterCookie malware, stealing crypto and credentials in a new attack.
Read: hackread.com/nk-famous-ch...
#Cybersecurity #Malware #BeaverTail #OtterCookie #NorthKorea
"BeaverTail and OtterCookie evolve with a new Javascript module" published by CiscoTalos. #BeaverTail, #OtterCookie, #DPRK, #CTI blog.talosintelligence.com/beavertail-and-ottercook...
"Lazarus Group Attacks in 2025: Overview for SOC Teams" published by AnyRun. #ContagiousInterview, #ITWorker, #InvisibleFerret, #Lazarus, #OtterCookie, #PylangGhost, #DPRK, #CTI any.run/cybersecurity-blog/lazar...
"Lazarus Group Enhances Malware with New OtterCookie Payload Delivery Technique" published by Gbhackers. #Lazarus, #OtterCookie, #DPRK, #CTI gbhackers.com/lazarus-group-malware-wi...
"OtterCookie: Analysis of New Lazarus Group Malware" published by AnyRun. #Lazarus, #OtterCookie, #DPRK, #CTI any.run/potatosecurity-blog/otte...
"OtterCookie: Analysis of New Lazarus Group Malware" published by AnyRun. #Lazarus, #OtterCookie, #DPRK, #CTI any.run/cybersecurity-blog/otter...
~Anyrun~
Lazarus' OtterCookie stealer, via fake job offers, steals creds/wallets & deploys InvisibleFerret.
-
IOCs: 144. 172. 101. 45, chainlink-api-v3. cloud
-
#Lazarus #OtterCookie #ThreatIntel
OtterCookie v4 adds VM detection, native clipboard commands & dual stealers. Chrome passwords & MetaMask wallets. This isn’t script kiddie stuff; it's a state-backed cyber weapon evolving fast.
#ThreatIntel #Malware #WaterPlum #Infosec #CryptoSecurity #OtterCookie #APT #NorthKorea
"Additional Features of OtterCookie Malware Used by WaterPlum" published by NTTSecurity. #OtterCookie, #WaterPlum, #ContagiousInterview, #DPRK, #CTI https://jp.security.ntt/tech_blog/waterplum-ottercookie
"Additional Features of OtterCookie Malware Used by WaterPlum" published by NTTSecurity. #OtterCookie, #WaterPlum, #ContagiousInterview, #DPRK, #CTI jp.security.ntt/tech_blog/en-waterplum-o...
"Interview with the Chollima" published by BirminghamCyber. #ContagiousInterview, #OtterCookie, #DPRK, #CTI https://quetzal.bitso.com/p/interview-with-the-chollima
"Inside the Scam: North Korea’s IT Worker Threat" published by RecordedFuture. #BeaverTail, #ITWorker, #InvisibleFerret, #OtterCookie, #PurpleBravo, #TAG-121, #TAG-120, #DPRK, #CTI www.recordedfuture.com/research/inside-the-scam...
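North Korean threat actors carry out cyberattacks; NTT subsidiary warns that caution is needed in Japan as well #MynaviNews (Dec 28)
#Malware #OtterCookie #ContagiousInterview #CyberAttack #NorthKorea
#OtterCookie: new #Malware from a #NorthKorea #HackerGroup targeting developers, more than 140 machines infected - innovaTopia
On December 26, 2024, NTT Security Holdings announced that a North Korean hacker group is carrying out attacks using a new malware, "OtterCookie" ...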
innovatopia.jp/cyber-securi...
"On OtterCookie, the New Malware Used by Contagious Interview" published by NTTSecurity. #ContagiousInterview, #OtterCookie, #DPRK, #CTI jp.security.ntt/tech_blog/contagious-int...