home.social

#beavertail — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #beavertail, aggregated by home.social.

  1. Contagious Interview diventa un worm: Void Dokkaebi trasforma 750 repository in vettori auto-propaganti contro gli sviluppatori

    Il gruppo APT nordcoreano Void Dokkaebi (Famous Chollima) ha trasformato le sue finte offerte di lavoro in un attacco supply chain capace di propagarsi automaticamente: basta aprire un repository clonato in VS Code per attivare payload nascosti in commit manipolati. A marzo 2026, Trend Micro ha mappato oltre 750 repository infetti, 500 task.json malevoli e staging C2 su Tron, Aptos e Binance Smart Chain.

    insicurezzadigitale.com/contag

  2. Contagious Interview diventa un worm: Void Dokkaebi trasforma 750 repository in vettori auto-propaganti contro gli sviluppatori

    Il gruppo APT nordcoreano Void Dokkaebi (Famous Chollima) ha trasformato le sue finte offerte di lavoro in un attacco supply chain capace di propagarsi automaticamente: basta aprire un repository clonato in VS Code per attivare payload nascosti in commit manipolati. A marzo 2026, Trend Micro ha mappato oltre 750 repository infetti, 500 task.json malevoli e staging C2 su Tron, Aptos e Binance Smart Chain.

    insicurezzadigitale.com/contag

  3. Contagious Interview diventa un worm: Void Dokkaebi trasforma 750 repository in vettori auto-propaganti contro gli sviluppatori

    Il gruppo APT nordcoreano Void Dokkaebi (Famous Chollima) ha trasformato le sue finte offerte di lavoro in un attacco supply chain capace di propagarsi automaticamente: basta aprire un repository clonato in VS Code per attivare payload nascosti in commit manipolati. A marzo 2026, Trend Micro ha mappato oltre 750 repository infetti, 500 task.json malevoli e staging C2 su Tron, Aptos e Binance Smart Chain.

    insicurezzadigitale.com/contag

  4. Contagious Interview diventa un worm: Void Dokkaebi trasforma 750 repository in vettori auto-propaganti contro gli sviluppatori

    Il gruppo APT nordcoreano Void Dokkaebi (Famous Chollima) ha trasformato le sue finte offerte di lavoro in un attacco supply chain capace di propagarsi automaticamente: basta aprire un repository clonato in VS Code per attivare payload nascosti in commit manipolati. A marzo 2026, Trend Micro ha mappato oltre 750 repository infetti, 500 task.json malevoli e staging C2 su Tron, Aptos e Binance Smart Chain.

    insicurezzadigitale.com/contag

  5. Contagious Interview diventa un worm: Void Dokkaebi trasforma 750 repository in vettori auto-propaganti contro gli sviluppatori

    Il gruppo APT nordcoreano Void Dokkaebi (Famous Chollima) ha trasformato le sue finte offerte di lavoro in un attacco supply chain capace di propagarsi automaticamente: basta aprire un repository clonato in VS Code per attivare payload nascosti in commit manipolati. A marzo 2026, Trend Micro ha mappato oltre 750 repository infetti, 500 task.json malevoli e staging C2 su Tron, Aptos e Binance Smart Chain.

    insicurezzadigitale.com/contag

  6. [Translation] How a “dream job invitation” turns into an attack

    It all starts with a notification that feels familiar and exciting for any developer: “You’ve been shortlisted for an AI developer position.” The company looks impressive — DLMind, an “AI innovation lab.” The recruiter appears legitimate — Tim Morenc, CEDS, with a polished LinkedIn profile, professional communication style, and mutual connections.

    But behind this friendly outreach is BeaverTail — a malicious operation designed to steal your code, credentials, and developer assets.

    The attack is part of a broader pattern associated with North Korean cyber operations, including groups such as Lazarus Group.

    How the attack works

    The victim is approached via LinkedIn or similar platforms

    A convincing fake company and recruiter profile is used

    A “technical assignment” or test task is provided

    The task contains malicious code or a compromised dependency

    Once executed, it extracts sensitive data such as:

    GitHub / Git credentials

    SSH keys

    API tokens

    browser session data

    Why it works

    The campaign relies on social engineering rather than technical exploitation:

    trust in recruitment processes

    desire for career opportunities

    familiarity of developer workflows (GitHub, npm, Python, etc.)

    Key takeaway

    Any unsolicited “test assignment” should be treated as potentially hostile code. Execution environments must be isolated, and credentials should never be exposed in evaluation setups.

    ---

    #hashtags
    #cybersecurity #infosec #malware #socialengineering #phishing #infostealer #supplychainattack #github #developers #techsecurity #beavertail #lazarusgroup

  7. [Translation] How a “dream job invitation” turns into an attack

    It all starts with a notification that feels familiar and exciting for any developer: “You’ve been shortlisted for an AI developer position.” The company looks impressive — DLMind, an “AI innovation lab.” The recruiter appears legitimate — Tim Morenc, CEDS, with a polished LinkedIn profile, professional communication style, and mutual connections.

    But behind this friendly outreach is BeaverTail — a malicious operation designed to steal your code, credentials, and developer assets.

    The attack is part of a broader pattern associated with North Korean cyber operations, including groups such as Lazarus Group.

    How the attack works

    The victim is approached via LinkedIn or similar platforms

    A convincing fake company and recruiter profile is used

    A “technical assignment” or test task is provided

    The task contains malicious code or a compromised dependency

    Once executed, it extracts sensitive data such as:

    GitHub / Git credentials

    SSH keys

    API tokens

    browser session data

    Why it works

    The campaign relies on social engineering rather than technical exploitation:

    trust in recruitment processes

    desire for career opportunities

    familiarity of developer workflows (GitHub, npm, Python, etc.)

    Key takeaway

    Any unsolicited “test assignment” should be treated as potentially hostile code. Execution environments must be isolated, and credentials should never be exposed in evaluation setups.

    ---

    #hashtags
    #cybersecurity #infosec #malware #socialengineering #phishing #infostealer #supplychainattack #github #developers #techsecurity #beavertail #lazarusgroup

  8. @habr25 [Translation] How a “dream job invitation” turns into an attack

    It all starts with a notification that feels familiar and exciting for any developer: “You’ve been shortlisted for an AI developer position.” The company looks impressive — DLMind, an “AI innovation lab.” The recruiter appears legitimate — Tim Morenc, CEDS, with a polished LinkedIn profile, professional communication style, and mutual connections.

    But behind this friendly outreach is BeaverTail — a malicious operation designed to steal your code, credentials, and developer assets.

    The attack is part of a broader pattern associated with North Korean cyber operations, including groups such as Lazarus Group.

    How the attack works

    The victim is approached via LinkedIn or similar platforms

    A convincing fake company and recruiter profile is used

    A “technical assignment” or test task is provided

    The task contains malicious code or a compromised dependency

    Once executed, it extracts sensitive data such as:

    GitHub / Git credentials

    SSH keys

    API tokens

    browser session data

    Why it works

    The campaign relies on social engineering rather than technical exploitation:

    trust in recruitment processes

    desire for career opportunities

    familiarity of developer workflows (GitHub, npm, Python, etc.)

    Key takeaway

    Any unsolicited “test assignment” should be treated as potentially hostile code. Execution environments must be isolated, and credentials should never be exposed in evaluation setups.

    ---

    #hashtags
    #cybersecurity #infosec #malware #socialengineering #phishing #infostealer #supplychainattack #github #developers #techsecurity #beavertail #lazarusgroup

  9. @habr25 [Translation] How a “dream job invitation” turns into an attack

    It all starts with a notification that feels familiar and exciting for any developer: “You’ve been shortlisted for an AI developer position.” The company looks impressive — DLMind, an “AI innovation lab.” The recruiter appears legitimate — Tim Morenc, CEDS, with a polished LinkedIn profile, professional communication style, and mutual connections.

    But behind this friendly outreach is BeaverTail — a malicious operation designed to steal your code, credentials, and developer assets.

    The attack is part of a broader pattern associated with North Korean cyber operations, including groups such as Lazarus Group.

    How the attack works

    The victim is approached via LinkedIn or similar platforms

    A convincing fake company and recruiter profile is used

    A “technical assignment” or test task is provided

    The task contains malicious code or a compromised dependency

    Once executed, it extracts sensitive data such as:

    GitHub / Git credentials

    SSH keys

    API tokens

    browser session data

    Why it works

    The campaign relies on social engineering rather than technical exploitation:

    trust in recruitment processes

    desire for career opportunities

    familiarity of developer workflows (GitHub, npm, Python, etc.)

    Key takeaway

    Any unsolicited “test assignment” should be treated as potentially hostile code. Execution environments must be isolated, and credentials should never be exposed in evaluation setups.

    ---

    #hashtags
    #cybersecurity #infosec #malware #socialengineering #phishing #infostealer #supplychainattack #github #developers #techsecurity #beavertail #lazarusgroup

  10. 📢⚠️Watch as North Korean Lazarus hackers tried to infect #AllSecure CEO Chris Papathanasiou through a fake LinkedIn job interview. The attackers used a coding test loaded with the notorious #BeaverTail malware. 🦫

    Read: hackread.com/fake-linkedin-int

    #CyberSecurity #Lazarus #NorthKorea #LinkedIn #Scam

  11. "... they wear shorts outside in February to shovel snow, and they eat beaver tails! Canadians are either really tough, or effing crazy."

    #Canada #Canadian #snow #shovel #shorts #BeaverTail #misunderstanding #tough #crazy

  12. "... they wear shorts outside in February to shovel snow, and they eat beaver tails! Canadians are either really tough, or effing crazy."

    #Canada #Canadian #snow #shovel #shorts #BeaverTail #misunderstanding #tough #crazy

  13. "... they wear shorts outside in February to shovel snow, and they eat beaver tails! Canadians are either really tough, or effing crazy."

    #Canada #Canadian #snow #shovel #shorts #BeaverTail #misunderstanding #tough #crazy

  14. "... they wear shorts outside in February to shovel snow, and they eat beaver tails! Canadians are either really tough, or effing crazy."

    #Canada #Canadian #snow #shovel #shorts #BeaverTail #misunderstanding #tough #crazy

  15. "... they wear shorts outside in February to shovel snow, and they eat beaver tails! Canadians are either really tough, or effing crazy."

    #Canada #Canadian #snow #shovel #shorts #BeaverTail #misunderstanding #tough #crazy

  16. ----------------

    🎯 Threat Intelligence
    ===================

    Executive summary: PurpleBravo, tracked as overlapping with the Contagious Interview campaign first documented in November 2023, is a North Korean state‑sponsored cluster focused on software developers—notably in software development and cryptocurrency verticals. Recorded Future / Insikt Group links the operation to 3,136 likely-target IPs (Aug 2024–Sep 2025) and identifies twenty potential victim organizations across multiple regions.

    Technical details:

    • Malware families and tooling observed: BeaverTail (JavaScript infostealer/loader), GolangGhost and PyLangGhost (multi‑platform RATs optimized for browser credentials and crypto wallets), and InvisibleFerret.

    • Delivery and lure chain: use of fraudulent LinkedIn personas, fake recruiter outreach, interview coding tests, ClickFix prompts, and malicious GitHub repositories and fictitious lure brands.

    • Infrastructure: C2 servers administered via Astrill VPN and IP ranges in China; BeaverTail and GolangGhost C2s hosted across seventeen distinct providers. Insikt Group cataloged 3,136 IPs concentrated in South Asia and North America and flagged twenty potential victim organizations across AI, crypto, finance, IT services, marketing, and software development.

    Attack Chain Analysis:
    • Initial Access: Social engineering via fake recruiter outreach and coding-test lures.
    • Download: Malicious payloads delivered through GitHub repos or interview/test prompts.
    • Execution: Execution of JavaScript infostealer (BeaverTail) or RAT loaders on victim devices.
    • Infection & Credential Theft: Browser credential and cryptocurrency wallet theft via GolangGhost/PyLangGhost.
    • C2 Communication: Management of C2 via Astrill VPN and diverse hosting providers.

    Impact & analysis: The campaign disproportionately targets developers who may use corporate endpoints for personal job‑search activities, increasing the risk of downstream compromise across client bases of IT services and outsourcing firms. Recorded Future distinguishes PurpleBravo from PurpleDelta but documents intersections, including shared Astrill VPN administration and IP overlaps suggesting operator interactions.

    Detection: Insikt Group’s findings emphasize telemetry such as recruiter‑style outreach tied to malicious GitHub repos, inbound connections to C2 ranges associated with Astrill VPN, and indicators of BeaverTail and GolangGhost activity. The original report lists observed counts and infrastructure; it does not publish exhaustive IoCs in the provided summary.

    Mitigation: The source material focuses on observed activity and attribution; it does not enumerate prescriptive mitigations.

    🔹 purplebravo #beavertail #golangghost #insiktgroup #recordedfuture

    🔗 Source: recordedfuture.com/research/pu

  17. NEW: Developers, crypto users, and job seekers beware - North Korea’s Lazarus Group is deploying a new #BeaverTail variant to steal credentials and crypto via fake job offers, dev tools and smart contracts.

    Read: hackread.com/lazarus-embed-bea

    #CyberSecurity #Lazarus #NorthKorea #DevSec #InfoStealer

  18. Watch out as the North Korean hackers from the #FamousChollima group are using fake job offers to spread BeaverTail and OtterCookie malware, stealing crypto and credentials in a new attack.

    Read: hackread.com/nk-famous-chollim

    #Cybersecurity #Malware #BeaverTail #OtterCookie #NorthKorea

  19. As results continue to come in from polls in the Atlantic region, we're going over to the Decision Desk for the first time tonight.

    Tront, I understand you're ready with your first firm conclusion for Canada Election 2025?

    Tront: Yes, we've crunched the numbers, and we think this is pretty solid. The result: beaver tails are more authentically Canadian than poutine.

    Well, Tront, I think that's going to be somewhat controversial to call this early.

    #Canada #election #Election2025 #poutine #BeaverTail #DecisionDesk

  20. Die Halterung von meinem Steckschutzblech mag nicht mehr halten. Ich habe jetzt eine Pappnagelfeile dazwischengesteckt. Ob es wohl hält? #sks #Beavertail #Fahrrad