North Korean state-backed hackers have launched 338 nefarious npm packages downloaded over 50,000 times to compromise blockchain and cryptocurrency developers as part of the continuing Contagious Interview campaign, according to GBHackers News.
Over 180 fraudulent personas and more than a dozen command-and-control endpoints have been leveraged by attackers, who conducted LinkedIn reconnaissance under the guise of recruiters or hiring managers in a bid to lure cryptocurrency developers, blockchain experts, and Web3 engineers into downloading malicious dependencies, findings from the Socket Threat Research Team showed.
Threat actors have used typosquatted versions of widely used packages, including body-parser, nodemailer, and express, to distribute the HexEval, XORIndex, and encrypted loaders delivering the BeaverTail malware. Such an approach diverges from initial attacks that directly launched BeaverTail.
Aside from ensuring persistent access, BeaverTail also facilitates InvisibleFerret backdoor staging for subsequent reconnaissance and cryptocurrency exfiltration. Contagious Interview is expected to still evolve, with 25 of the nefarious packages still active.
Over 180 fraudulent personas and more than a dozen command-and-control endpoints have been leveraged by attackers, who conducted LinkedIn reconnaissance under the guise of recruiters or hiring managers in a bid to lure cryptocurrency developers, blockchain experts, and Web3 engineers into downloading malicious dependencies, findings from the Socket Threat Research Team showed.
Threat actors have used typosquatted versions of widely used packages, including body-parser, nodemailer, and express, to distribute the HexEval, XORIndex, and encrypted loaders delivering the BeaverTail malware. Such an approach diverges from initial attacks that directly launched BeaverTail.
Aside from ensuring persistent access, BeaverTail also facilitates InvisibleFerret backdoor staging for subsequent reconnaissance and cryptocurrency exfiltration. Contagious Interview is expected to still evolve, with 25 of the nefarious packages still active.




