#beavertail — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #beavertail, aggregated by home.social.
-
Contagious Interview diventa un worm: Void Dokkaebi trasforma 750 repository in vettori auto-propaganti contro gli sviluppatori
Il gruppo APT nordcoreano Void Dokkaebi (Famous Chollima) ha trasformato le sue finte offerte di lavoro in un attacco supply chain capace di propagarsi automaticamente: basta aprire un repository clonato in VS Code per attivare payload nascosti in commit manipolati. A marzo 2026, Trend Micro ha mappato oltre 750 repository infetti, 500 task.json malevoli e staging C2 su Tron, Aptos e Binance Smart Chain. -
Contagious Interview diventa un worm: Void Dokkaebi trasforma 750 repository in vettori auto-propaganti contro gli sviluppatori
Il gruppo APT nordcoreano Void Dokkaebi (Famous Chollima) ha trasformato le sue finte offerte di lavoro in un attacco supply chain capace di propagarsi automaticamente: basta aprire un repository clonato in VS Code per attivare payload nascosti in commit manipolati. A marzo 2026, Trend Micro ha mappato oltre 750 repository infetti, 500 task.json malevoli e staging C2 su Tron, Aptos e Binance Smart Chain. -
Contagious Interview diventa un worm: Void Dokkaebi trasforma 750 repository in vettori auto-propaganti contro gli sviluppatori
Il gruppo APT nordcoreano Void Dokkaebi (Famous Chollima) ha trasformato le sue finte offerte di lavoro in un attacco supply chain capace di propagarsi automaticamente: basta aprire un repository clonato in VS Code per attivare payload nascosti in commit manipolati. A marzo 2026, Trend Micro ha mappato oltre 750 repository infetti, 500 task.json malevoli e staging C2 su Tron, Aptos e Binance Smart Chain. -
Contagious Interview diventa un worm: Void Dokkaebi trasforma 750 repository in vettori auto-propaganti contro gli sviluppatori
Il gruppo APT nordcoreano Void Dokkaebi (Famous Chollima) ha trasformato le sue finte offerte di lavoro in un attacco supply chain capace di propagarsi automaticamente: basta aprire un repository clonato in VS Code per attivare payload nascosti in commit manipolati. A marzo 2026, Trend Micro ha mappato oltre 750 repository infetti, 500 task.json malevoli e staging C2 su Tron, Aptos e Binance Smart Chain. -
Contagious Interview diventa un worm: Void Dokkaebi trasforma 750 repository in vettori auto-propaganti contro gli sviluppatori
Il gruppo APT nordcoreano Void Dokkaebi (Famous Chollima) ha trasformato le sue finte offerte di lavoro in un attacco supply chain capace di propagarsi automaticamente: basta aprire un repository clonato in VS Code per attivare payload nascosti in commit manipolati. A marzo 2026, Trend Micro ha mappato oltre 750 repository infetti, 500 task.json malevoli e staging C2 su Tron, Aptos e Binance Smart Chain. -
[Translation] How a “dream job invitation” turns into an attack
It all starts with a notification that feels familiar and exciting for any developer: “You’ve been shortlisted for an AI developer position.” The company looks impressive — DLMind, an “AI innovation lab.” The recruiter appears legitimate — Tim Morenc, CEDS, with a polished LinkedIn profile, professional communication style, and mutual connections.
But behind this friendly outreach is BeaverTail — a malicious operation designed to steal your code, credentials, and developer assets.
The attack is part of a broader pattern associated with North Korean cyber operations, including groups such as Lazarus Group.
How the attack works
The victim is approached via LinkedIn or similar platforms
A convincing fake company and recruiter profile is used
A “technical assignment” or test task is provided
The task contains malicious code or a compromised dependency
Once executed, it extracts sensitive data such as:
GitHub / Git credentials
SSH keys
API tokens
browser session data
Why it works
The campaign relies on social engineering rather than technical exploitation:
trust in recruitment processes
desire for career opportunities
familiarity of developer workflows (GitHub, npm, Python, etc.)
Key takeaway
Any unsolicited “test assignment” should be treated as potentially hostile code. Execution environments must be isolated, and credentials should never be exposed in evaluation setups.
---
#hashtags
#cybersecurity #infosec #malware #socialengineering #phishing #infostealer #supplychainattack #github #developers #techsecurity #beavertail #lazarusgroup -
[Translation] How a “dream job invitation” turns into an attack
It all starts with a notification that feels familiar and exciting for any developer: “You’ve been shortlisted for an AI developer position.” The company looks impressive — DLMind, an “AI innovation lab.” The recruiter appears legitimate — Tim Morenc, CEDS, with a polished LinkedIn profile, professional communication style, and mutual connections.
But behind this friendly outreach is BeaverTail — a malicious operation designed to steal your code, credentials, and developer assets.
The attack is part of a broader pattern associated with North Korean cyber operations, including groups such as Lazarus Group.
How the attack works
The victim is approached via LinkedIn or similar platforms
A convincing fake company and recruiter profile is used
A “technical assignment” or test task is provided
The task contains malicious code or a compromised dependency
Once executed, it extracts sensitive data such as:
GitHub / Git credentials
SSH keys
API tokens
browser session data
Why it works
The campaign relies on social engineering rather than technical exploitation:
trust in recruitment processes
desire for career opportunities
familiarity of developer workflows (GitHub, npm, Python, etc.)
Key takeaway
Any unsolicited “test assignment” should be treated as potentially hostile code. Execution environments must be isolated, and credentials should never be exposed in evaluation setups.
---
#hashtags
#cybersecurity #infosec #malware #socialengineering #phishing #infostealer #supplychainattack #github #developers #techsecurity #beavertail #lazarusgroup -
@habr25 [Translation] How a “dream job invitation” turns into an attack
It all starts with a notification that feels familiar and exciting for any developer: “You’ve been shortlisted for an AI developer position.” The company looks impressive — DLMind, an “AI innovation lab.” The recruiter appears legitimate — Tim Morenc, CEDS, with a polished LinkedIn profile, professional communication style, and mutual connections.
But behind this friendly outreach is BeaverTail — a malicious operation designed to steal your code, credentials, and developer assets.
The attack is part of a broader pattern associated with North Korean cyber operations, including groups such as Lazarus Group.
How the attack works
The victim is approached via LinkedIn or similar platforms
A convincing fake company and recruiter profile is used
A “technical assignment” or test task is provided
The task contains malicious code or a compromised dependency
Once executed, it extracts sensitive data such as:
GitHub / Git credentials
SSH keys
API tokens
browser session data
Why it works
The campaign relies on social engineering rather than technical exploitation:
trust in recruitment processes
desire for career opportunities
familiarity of developer workflows (GitHub, npm, Python, etc.)
Key takeaway
Any unsolicited “test assignment” should be treated as potentially hostile code. Execution environments must be isolated, and credentials should never be exposed in evaluation setups.
---
#hashtags
#cybersecurity #infosec #malware #socialengineering #phishing #infostealer #supplychainattack #github #developers #techsecurity #beavertail #lazarusgroup -
@habr25 [Translation] How a “dream job invitation” turns into an attack
It all starts with a notification that feels familiar and exciting for any developer: “You’ve been shortlisted for an AI developer position.” The company looks impressive — DLMind, an “AI innovation lab.” The recruiter appears legitimate — Tim Morenc, CEDS, with a polished LinkedIn profile, professional communication style, and mutual connections.
But behind this friendly outreach is BeaverTail — a malicious operation designed to steal your code, credentials, and developer assets.
The attack is part of a broader pattern associated with North Korean cyber operations, including groups such as Lazarus Group.
How the attack works
The victim is approached via LinkedIn or similar platforms
A convincing fake company and recruiter profile is used
A “technical assignment” or test task is provided
The task contains malicious code or a compromised dependency
Once executed, it extracts sensitive data such as:
GitHub / Git credentials
SSH keys
API tokens
browser session data
Why it works
The campaign relies on social engineering rather than technical exploitation:
trust in recruitment processes
desire for career opportunities
familiarity of developer workflows (GitHub, npm, Python, etc.)
Key takeaway
Any unsolicited “test assignment” should be treated as potentially hostile code. Execution environments must be isolated, and credentials should never be exposed in evaluation setups.
---
#hashtags
#cybersecurity #infosec #malware #socialengineering #phishing #infostealer #supplychainattack #github #developers #techsecurity #beavertail #lazarusgroup -
📢⚠️Watch as North Korean Lazarus hackers tried to infect #AllSecure CEO Chris Papathanasiou through a fake LinkedIn job interview. The attackers used a coding test loaded with the notorious #BeaverTail malware. 🦫
Read: https://hackread.com/fake-linkedin-interview-lazarus-hackers-allsecure-ceo/
-
BREAKFAST OF CHAMPIONS #Photography #beavertail #ottawa
-
"... they wear shorts outside in February to shovel snow, and they eat beaver tails! Canadians are either really tough, or effing crazy."
#Canada #Canadian #snow #shovel #shorts #BeaverTail #misunderstanding #tough #crazy
-
"... they wear shorts outside in February to shovel snow, and they eat beaver tails! Canadians are either really tough, or effing crazy."
#Canada #Canadian #snow #shovel #shorts #BeaverTail #misunderstanding #tough #crazy
-
"... they wear shorts outside in February to shovel snow, and they eat beaver tails! Canadians are either really tough, or effing crazy."
#Canada #Canadian #snow #shovel #shorts #BeaverTail #misunderstanding #tough #crazy
-
"... they wear shorts outside in February to shovel snow, and they eat beaver tails! Canadians are either really tough, or effing crazy."
#Canada #Canadian #snow #shovel #shorts #BeaverTail #misunderstanding #tough #crazy
-
"... they wear shorts outside in February to shovel snow, and they eat beaver tails! Canadians are either really tough, or effing crazy."
#Canada #Canadian #snow #shovel #shorts #BeaverTail #misunderstanding #tough #crazy
-
----------------
🎯 Threat Intelligence
===================Executive summary: PurpleBravo, tracked as overlapping with the Contagious Interview campaign first documented in November 2023, is a North Korean state‑sponsored cluster focused on software developers—notably in software development and cryptocurrency verticals. Recorded Future / Insikt Group links the operation to 3,136 likely-target IPs (Aug 2024–Sep 2025) and identifies twenty potential victim organizations across multiple regions.
Technical details:
• Malware families and tooling observed: BeaverTail (JavaScript infostealer/loader), GolangGhost and PyLangGhost (multi‑platform RATs optimized for browser credentials and crypto wallets), and InvisibleFerret.
• Delivery and lure chain: use of fraudulent LinkedIn personas, fake recruiter outreach, interview coding tests, ClickFix prompts, and malicious GitHub repositories and fictitious lure brands.
• Infrastructure: C2 servers administered via Astrill VPN and IP ranges in China; BeaverTail and GolangGhost C2s hosted across seventeen distinct providers. Insikt Group cataloged 3,136 IPs concentrated in South Asia and North America and flagged twenty potential victim organizations across AI, crypto, finance, IT services, marketing, and software development.
Attack Chain Analysis:
• Initial Access: Social engineering via fake recruiter outreach and coding-test lures.
• Download: Malicious payloads delivered through GitHub repos or interview/test prompts.
• Execution: Execution of JavaScript infostealer (BeaverTail) or RAT loaders on victim devices.
• Infection & Credential Theft: Browser credential and cryptocurrency wallet theft via GolangGhost/PyLangGhost.
• C2 Communication: Management of C2 via Astrill VPN and diverse hosting providers.Impact & analysis: The campaign disproportionately targets developers who may use corporate endpoints for personal job‑search activities, increasing the risk of downstream compromise across client bases of IT services and outsourcing firms. Recorded Future distinguishes PurpleBravo from PurpleDelta but documents intersections, including shared Astrill VPN administration and IP overlaps suggesting operator interactions.
Detection: Insikt Group’s findings emphasize telemetry such as recruiter‑style outreach tied to malicious GitHub repos, inbound connections to C2 ranges associated with Astrill VPN, and indicators of BeaverTail and GolangGhost activity. The original report lists observed counts and infrastructure; it does not publish exhaustive IoCs in the provided summary.
Mitigation: The source material focuses on observed activity and attribution; it does not enumerate prescriptive mitigations.
🔹 purplebravo #beavertail #golangghost #insiktgroup #recordedfuture
🔗 Source: https://www.recordedfuture.com/research/purplebravos-targeting-it-software-supply-chain
-
Lazarus Group Embed New BeaverTail Variant in Developer Tools https://hackread.com/lazarus-embed-beavertail-variant-developer-tools/ #Cybersecurity #CyberAttacks #CyberAttack #BeaverTail #NorthKorea #Darktrace #Security #security #Lazarus #Malware #Crypto
-
Lazarus Group Embed New BeaverTail Variant in Developer Tools https://hackread.com/lazarus-embed-beavertail-variant-developer-tools/ #Cybersecurity #CyberAttacks #CyberAttack #BeaverTail #NorthKorea #Darktrace #Security #security #Lazarus #Malware #Crypto
-
Lazarus Group Embed New BeaverTail Variant in Developer Tools https://hackread.com/lazarus-embed-beavertail-variant-developer-tools/ #Cybersecurity #CyberAttacks #CyberAttack #BeaverTail #NorthKorea #Darktrace #Security #security #Lazarus #Malware #Crypto
-
Lazarus Group Embed New BeaverTail Variant in Developer Tools https://hackread.com/lazarus-embed-beavertail-variant-developer-tools/ #Cybersecurity #CyberAttacks #CyberAttack #BeaverTail #NorthKorea #Darktrace #Security #security #Lazarus #Malware #Crypto
-
NEW: Developers, crypto users, and job seekers beware - North Korea’s Lazarus Group is deploying a new #BeaverTail variant to steal credentials and crypto via fake job offers, dev tools and smart contracts.
Read: https://hackread.com/lazarus-embed-beavertail-variant-developer-tools/
-
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware https://hackread.com/nk-hackers-npm-packages-ottercookie-malware/ #ContagiousInterview #Cybersecurity #CyberAttack #OtterCookie #BeaverTail #NorthKorea #Security #Malware #Lazarus #NPM
-
NK’s Famous Chollima Use BeaverTail and OtterCookie Malware in Job Scam https://hackread.com/nk-famous-chollima-beavertail-ottercookie-malware/ #Cybersecurity #FmousChollima #CyberAttacks #CyberAttack #OtterCookie #BeaverTail #CiscoTalos #NorthKorea #Security #SriLanka #Malware #Chessfi #Crypto #Cisco
-
BeaverTail and OtterCookie evolve with a new Javascript module
#BeaverTail #OtterCookie #FAMOUSCHOLLIMA
https://blog.talosintelligence.com/beavertail-and-ottercookie/ -
Watch out as the North Korean hackers from the #FamousChollima group are using fake job offers to spread BeaverTail and OtterCookie malware, stealing crypto and credentials in a new attack.
Read: https://hackread.com/nk-famous-chollima-beavertail-ottercookie-malware/
#Cybersecurity #Malware #BeaverTail #OtterCookie #NorthKorea
-
Tech Note - BeaverTail variant distributed via malicious repositories and ClickFix lure
#BeaverTail #InvisibleFerret #FAMOUSCHOLLIMA
https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/north-korean-malware-sept-2025/ -
As results continue to come in from polls in the Atlantic region, we're going over to the Decision Desk for the first time tonight.
Tront, I understand you're ready with your first firm conclusion for Canada Election 2025?
Tront: Yes, we've crunched the numbers, and we think this is pretty solid. The result: beaver tails are more authentically Canadian than poutine.
Well, Tront, I think that's going to be somewhat controversial to call this early.
#Canada #election #Election2025 #poutine #BeaverTail #DecisionDesk
-
BeaverTail and Tropidoor Malware Distributed via Recruitment Emails
#UNC5342 #BeaverTail #Tropidoor
https://asec.ahnlab.com/en/87299/ -
BeaverTail and Tropidoor Malware Distributed via Recruitment Emails
#UNC5342 #BeaverTail #Tropidoor
https://asec.ahnlab.com/en/87299/ -
BeaverTail and Tropidoor Malware Distributed via Recruitment Emails
#UNC5342 #BeaverTail #Tropidoor
https://asec.ahnlab.com/en/87299/ -
BeaverTail and Tropidoor Malware Distributed via Recruitment Emails
#UNC5342 #BeaverTail #Tropidoor
https://asec.ahnlab.com/en/87299/ -
InvisibleFerret Malware: Technical Analysis
#BeaverTail #InvisibleFerret
https://any.run/cybersecurity-blog/invisibleferret-malware-analysis/ -
Sunset from Beavertail State Park RI #sunset #photo #Beavertail #RhodeIsland
-
Back to work after a great weekend in the Canadian Rockies. Lots of firsts: #Banff #BeaverTail #LakeLouise #Canmore #CanadianCraftBeer #ScenicPublicToilet
-
Back to work after a great weekend in the Canadian Rockies. Lots of firsts: #Banff #BeaverTail #LakeLouise #Canmore #CanadianCraftBeer #ScenicPublicToilet
-
Back to work after a great weekend in the Canadian Rockies. Lots of firsts: #Banff #BeaverTail #LakeLouise #Canmore #CanadianCraftBeer #ScenicPublicToilet
-
Back to work after a great weekend in the Canadian Rockies. Lots of firsts: #Banff #BeaverTail #LakeLouise #Canmore #CanadianCraftBeer #ScenicPublicToilet
-
Back to work after a great weekend in the Canadian Rockies. Lots of firsts: #Banff #BeaverTail #LakeLouise #Canmore #CanadianCraftBeer #ScenicPublicToilet
-
Die Halterung von meinem Steckschutzblech mag nicht mehr halten. Ich habe jetzt eine Pappnagelfeile dazwischengesteckt. Ob es wohl hält? #sks #Beavertail #Fahrrad