North Korea-linked threat actors have launched the Contagious Interview campaign, utilizing fake front companies—BlockNovas LLC, Angeloper Agency, and SoftGlide LLC—in the cryptocurrency sector to distribute malware. This new social engineering tactic employs job interview scenarios to trick targets into downloading malware, including BeaverTail and InvisibleFerret. Additionally, these actors create fraudulent professional profiles across platforms like LinkedIn and Facebook, enhancing their deceptive tactics. The BlockNovas LLC example illustrates how these companies can fabricate employee personas and history to gain credibility.
In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry-BlockNovas LLC, Angeloper Agency, and SoftGlide LLC-to spread malware via 'job interview lures.'
The Contagious Interview campaign is one of several job-themed social engineering campaigns orchestrated by North Korea to entice targets into downloading cross-platform malware.
The use of front companies for malware propagation, complemented by setting up fraudulent accounts across various platforms, marks a new escalation for threat actors.
The BlockNovas front company has 14 people allegedly working for them, however many of the employee personas appear to be fake.
Collection
[
|
...
]