SlowMist: North Korea's Lazarus is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency practitioners

Blockbeats

06-06

BlockBeats News, June 6th, the latest intelligence from the SlowMist Security Team shows that the North Korean Lazarus hacking group is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency and financial professionals.

The tactics involved include forging high-paying job interview/investor talks, using deepfake videos to impersonate the recruiting party, and disguising malware as "programming test questions" or "system update packages."

The targets for theft include browser-stored login credentials, passwords and digital certificates in the macOS Keychain, as well as cryptocurrency wallet information and private keys.

SlowMist advises to remain vigilant against actively provided job/investment invitations, conduct multi-factor authentication for remote interviews, avoid running executable files of unknown origin, especially those disguised as "technical test questions" or "update patches," strengthen endpoint defense (EDR), deploy antivirus software, and regularly check for unusual processes.

免責聲明：投資有風險，本文並非投資建議，以上內容不應被視為任何金融產品的購買或出售要約、建議或邀請，作者或其他用戶的任何相關討論、評論或帖子也不應被視為此類內容。本文僅供一般參考，不考慮您的個人投資目標、財務狀況或需求。TTM對信息的準確性和完整性不承擔任何責任或保證，投資者應自行研究並在投資前尋求專業建議。

熱議股票

1
2
3
4
5
6
7
8
9
10

{"basename":"/hant","ssrTDKData":{"titleTemplate":"%s - 老虎證券","title":"老虎证券全球投资理财平台| 一站式投资美股新股港股A股","description":"老虎证券助您一站式投资美股，新股，港股，A股等全球金融理财产品。新加坡华人最信赖的在线投资平台，现在加入即享低费用，24/5 无时差炒美股投资理财！","keywords":"老虎證券,老虎證券開戶,老虎券商,老虎證券官網,老虎證券app,tigertrade老虎證券,股票,炒股,新加坡股票交易平臺,投資,投資理財","social":{"ogDescription":"老虎证券助您一站式投资美股，新股，港股，A股等全球金融理财产品。新加坡华人最信赖的在线投资平台，现在加入即享低费用，24/5 无时差炒美股投资理财！","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/hant/news/2541886102"},"companyName":"老虎證券"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2541886102\",edition:\"fundamental\",,,undefined,":{"share":"https://ttm.financial/m/news/2541886102?lang=zh_TW&edition=fundamental","thumbnail":"","is_english":true,"pubTime":"2025-06-06 10:48","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2541886102","market":"us","top_or_hot":-1,"title":"SlowMist: North Korea's Lazarus is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency practitioners","media":"Blockbeats","content":"<html><body><div><p>BlockBeats News, June 6th, the latest intelligence from the SlowMist Security Team shows that the North Korean Lazarus hacking group is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency and financial professionals.</p><p>The tactics involved include forging high-paying job interview/investor talks, using deepfake videos to impersonate the recruiting party, and disguising malware as \"programming test questions\" or \"system update packages.\"</p><p>The targets for theft include browser-stored login credentials, passwords and digital certificates in the macOS Keychain, as well as cryptocurrency wallet information and private keys.</p><p>SlowMist advises to remain vigilant against actively provided job/investment invitations, conduct multi-factor authentication for remote interviews, avoid running executable files of unknown origin, especially those disguised as \"technical test questions\" or \"update patches,\" strengthen endpoint defense (EDR), deploy antivirus software, and regularly check for unusual processes.</p></div></body></html>","source":"theblockbeats_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>SlowMist: North Korea's Lazarus is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency practitioners</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 12.5px; color: #7E829C; margin: 0;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nSlowMist: North Korea's Lazarus is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency practitioners\n</h2>\n<h4 class=\"meta\">\n<p class=\"head\">\n<strong class=\"h-name small\">Blockbeats</strong><span class=\"h-time small\">2025-06-06 10:48</span>\n</p>\n</h4>\n</header>\n<article>\n<html><body><div><p>BlockBeats News, June 6th, the latest intelligence from the SlowMist Security Team shows that the North Korean Lazarus hacking group is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency and financial professionals.</p><p>The tactics involved include forging high-paying job interview/investor talks, using deepfake videos to impersonate the recruiting party, and disguising malware as \"programming test questions\" or \"system update packages.\"</p><p>The targets for theft include browser-stored login credentials, passwords and digital certificates in the macOS Keychain, as well as cryptocurrency wallet information and private keys.</p><p>SlowMist advises to remain vigilant against actively provided job/investment invitations, conduct multi-factor authentication for remote interviews, avoid running executable files of unknown origin, especially those disguised as \"technical test questions\" or \"update patches,\" strengthen endpoint defense (EDR), deploy antivirus software, and regularly check for unusual processes.</p></div></body></html>\n<div class=\"bt-text\">\n\n\n<p> 來源：<a href=\"https://www.theblockbeats.info//en/flash/297141\">Blockbeats</a></p>\n<p>為提升您的閱讀體驗，我們對本頁面進行了排版優化</p>\n\n\n</div>\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":null,"symbol_name":null,"start_time":0,"source_url":"https://www.theblockbeats.info//en/flash/297141","article_id":"2541886102","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2541886102","pubTimestamp":1749178080,"columns":[],"sourceInfo":{"source_id":"theblockbeats_live","name":"Blockbeats快讯"},"weMediaInfo":null,"summary":"BlockBeats News, June 6th, the latest intelligence from the SlowMist Security Team shows that the North Korean Lazarus hacking group is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency and financial professionals.The tactics involved include forging high-paying job interview/investor talks, using deepfake videos to impersonate the recruiting party, and disguising malware as \"programming test questions\" or \"system update packages.\"The targets for theft include browser-stored login credentials, passwords and digital certificates in the macOS Keychain, as well as cryptocurrency wallet information and private keys.SlowMist advises to remain vigilant against actively provided job/investment invitations, conduct multi-factor authentication for remote interviews, avoid running executable files of unknown origin, especially those disguised as \"technical test questions\" or \"update patches,\" strengthen endpoint defense , deploy","collect":0,"end_time":0,"defaultTopTitle":"theblockbeats.info","property":[],"viewcount":null,"language":"en","relate_stocks":{},"translate_title":"SlowMist：朝鲜的Lazarus正在使用一种名为OtterCookie的新型隐形信息窃取木马对加密货币从业者发起有针对性的攻击","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"EDR":1,"TISI":1},"content_text":"BlockBeats News, June 6th, the latest intelligence from the SlowMist Security Team shows that the North Korean Lazarus hacking group is using a new stealthy information-stealing trojan called OtterCookie to launch targeted attacks against cryptocurrency and financial professionals.The tactics involved include forging high-paying job interview/investor talks, using deepfake videos to impersonate the recruiting party, and disguising malware as \"programming test questions\" or \"system update packages.\"The targets for theft include browser-stored login credentials, passwords and digital certificates in the macOS Keychain, as well as cryptocurrency wallet information and private keys.SlowMist advises to remain vigilant against actively provided job/investment invitations, conduct multi-factor authentication for remote interviews, avoid running executable files of unknown origin, especially those disguised as \"technical test questions\" or \"update patches,\" strengthen endpoint defense (EDR), deploy antivirus software, and regularly check for unusual processes.","kind":"highlight","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"code":"91000000","status":"200"}}}