The Contagious Interview campaign employs social engineering tactics to lure software developers into downloading trojanized code. Attackers present themselves as fake recruiters offering enticing job opportunities in real estate or Web3 projects. Developers receive demo projects that appear legitimate, but they conceal malicious elements that inject malware using Node.js operations. The malware fetches and runs the BeaverTail infostealer, designed to access sensitive information related to cryptocurrency wallets. Subsequently, the InvisibleFerret Remote Access Tool is utilized to expand the attack’s scope. This campaign exemplifies a disturbing trend of integrating malware delivery with commonly used services, complicating detection efforts. Organizations are advised to scrutinize unsolicited code and monitor for unusual execution patterns to mitigate risks of infection.
👉 Pročitaj original: Cyber Security News
