SlowMist: North Korea's Lazarus is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency practitioners

Blockbeats

06-06

BlockBeats News, June 6th, the latest intelligence from the SlowMist Security Team shows that the North Korean Lazarus hacking group is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency and financial professionals.

The tactics involved include forging high-paying job interview/investor talks, using deepfake videos to impersonate the recruiting party, and disguising malware as "programming test questions" or "system update packages."

The targets for theft include browser-stored login credentials, passwords and digital certificates in the macOS Keychain, as well as cryptocurrency wallet information and private keys.

SlowMist advises to remain vigilant against actively provided job/investment invitations, conduct multi-factor authentication for remote interviews, avoid running executable files of unknown origin, especially those disguised as "technical test questions" or "update patches," strengthen endpoint defense (EDR), deploy antivirus software, and regularly check for unusual processes.

免责声明：投资有风险，本文并非投资建议，以上内容不应被视为任何金融产品的购买或出售要约、建议或邀请，作者或其他用户的任何相关讨论、评论或帖子也不应被视为此类内容。本文仅供一般参考，不考虑您的个人投资目标、财务状况或需求。TTM对信息的准确性和完整性不承担任何责任或保证，投资者应自行研究并在投资前寻求专业建议。

热议股票

1
2
3
4
5
6
7
8
9
10

{"basename":"/hans","ssrTDKData":{"titleTemplate":"%s - 老虎证券","title":"老虎证券全球投资理财平台| 一站式投资美股新股港股A股","description":"老虎证券助您一站式投资美股，新股，港股，A股等全球金融理财产品。新加坡华人最信赖的在线投资平台，现在加入即享低费用，24/5 无时差炒美股投资理财！","keywords":"老虎证券,老虎证券开户,老虎券商,老虎证券官网,老虎证券app,tigertrade老虎证券,股票,炒股,新加坡股票交易平台,投资,投资理财","social":{"ogDescription":"老虎证券助您一站式投资美股，新股，港股，A股等全球金融理财产品。新加坡华人最信赖的在线投资平台，现在加入即享低费用，24/5 无时差炒美股投资理财！","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/hans/news/2541886102"},"companyName":"老虎证券"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2541886102\",edition:\"fundamental\",,,undefined,":{"share":"https://ttm.financial/m/news/2541886102?lang=zh_CN&edition=fundamental","thumbnail":"","is_english":true,"pubTime":"2025-06-06 10:48","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2541886102","market":"us","top_or_hot":-1,"title":"SlowMist: North Korea's Lazarus is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency practitioners","media":"Blockbeats","content":"<html><body><div><p>BlockBeats News, June 6th, the latest intelligence from the SlowMist Security Team shows that the North Korean Lazarus hacking group is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency and financial professionals.</p><p>The tactics involved include forging high-paying job interview/investor talks, using deepfake videos to impersonate the recruiting party, and disguising malware as \"programming test questions\" or \"system update packages.\"</p><p>The targets for theft include browser-stored login credentials, passwords and digital certificates in the macOS Keychain, as well as cryptocurrency wallet information and private keys.</p><p>SlowMist advises to remain vigilant against actively provided job/investment invitations, conduct multi-factor authentication for remote interviews, avoid running executable files of unknown origin, especially those disguised as \"technical test questions\" or \"update patches,\" strengthen endpoint defense (EDR), deploy antivirus software, and regularly check for unusual processes.</p></div></body></html>","source":"theblockbeats_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>SlowMist: North Korea's Lazarus is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency practitioners</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nSlowMist: North Korea's Lazarus is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency practitioners\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-06-06 10:48 GMT+8&nbsp;&nbsp;&nbsp;<a href=https://www.theblockbeats.info//en/flash/297141><strong>Blockbeats</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>BlockBeats News, June 6th, the latest intelligence from the SlowMist Security Team shows that the North Korean Lazarus hacking group is using a new stealthy information-stealing trojan called ...</p>\n\n<a href=\"https://www.theblockbeats.info//en/flash/297141\">网页链接</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":null,"symbol_name":null,"start_time":0,"source_url":"https://www.theblockbeats.info//en/flash/297141","article_id":"2541886102","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2541886102","pubTimestamp":1749178080,"columns":[],"sourceInfo":{"source_id":"theblockbeats_live","name":"Blockbeats快讯"},"weMediaInfo":null,"summary":"BlockBeats News, June 6th, the latest intelligence from the SlowMist Security Team shows that the North Korean Lazarus hacking group is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency and financial professionals.The tactics involved include forging high-paying job interview/investor talks, using deepfake videos to impersonate the recruiting party, and disguising malware as \"programming test questions\" or \"system update packages.\"The targets for theft include browser-stored login credentials, passwords and digital certificates in the macOS Keychain, as well as cryptocurrency wallet information and private keys.SlowMist advises to remain vigilant against actively provided job/investment invitations, conduct multi-factor authentication for remote interviews, avoid running executable files of unknown origin, especially those disguised as \"technical test questions\" or \"update patches,\" strengthen endpoint defense , deploy","collect":0,"end_time":0,"defaultTopTitle":"theblockbeats.info","property":[],"viewcount":null,"language":"en","relate_stocks":{},"translate_title":"SlowMist：朝鲜的Lazarus正在使用一种名为OtterCookie的新型隐形信息窃取木马对加密货币从业者发起有针对性的攻击","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"EDR":1,"TISI":1},"content_text":"BlockBeats News, June 6th, the latest intelligence from the SlowMist Security Team shows that the North Korean Lazarus hacking group is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency and financial professionals.The tactics involved include forging high-paying job interview/investor talks, using deepfake videos to impersonate the recruiting party, and disguising malware as \"programming test questions\" or \"system update packages.\"The targets for theft include browser-stored login credentials, passwords and digital certificates in the macOS Keychain, as well as cryptocurrency wallet information and private keys.SlowMist advises to remain vigilant against actively provided job/investment invitations, conduct multi-factor authentication for remote interviews, avoid running executable files of unknown origin, especially those disguised as \"technical test questions\" or \"update patches,\" strengthen endpoint defense (EDR), deploy antivirus software, and regularly check for unusual processes.","kind":"highlight","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"code":"91000000","status":"200"}}}