New North Korean ClickFix campaign spreads updated BeaverTail malware

North Korea-linked attackers have targeted individuals in cryptocurrency and retail marketing and trading with ClickFix intrusions that spread a new version of the BeaverTail malware, according to The Hacker News.

Threat actors have used a Vercel-based bogus hiring platform to promote crypto marketing, trading, and sales positions at Web3 firms in a bid to lure would-be victims into executing an operating system command that would deploy the BeaverTail variant, a report from GitLab Threat Intelligence showed.

Analysis of the BeaverTail version revealed that it supports only eight browser extensions, rather than the usual 22, and that the Windows iteration used a password-protected archive to enable subsequent execution of the InvisibleFerret payload. GitLab researchers regarded these findings as a "slight tactical shift" for BeaverTail operators.

"The move to compiled malware variants and continued reliance on ClickFix techniques demonstrates operational adaptation to reach less technical targets and systems without standard software development tools installed," said GitLab.
