Void Dokkaebi evolves InvisibleFerret: the North Korean malware now uses Cython to evade antivirus

Void Dokkaebi (Famous Chollima), a North Korean APT specialized in targeting software developers, has updated its InvisibleFerret infostealer by compiling it from Python to Cython. The files now distributed as .pyd and .so bypass most traditional detections. The campaign has compromised more than 750 GitHub repositories and uses blockchain infrastructure to make its C2s immune to takedowns.

https://insicurezzadigitale.com/void-dokkaebi-evolve-invisibleferret-il-malware-nordcoreano-ora-usa-cython-per-sfuggire-agli-antivirus/

AI-Assisted Code Targets Crypto Wallets via Malicious npm Dependency

Researchers have uncovered a sneaky malicious npm campaign, dubbed PromptMink, linked to North Korean hackers Famous Chollima, which targets crypto developers with fake utility packages that secretly steal sensitive info and funds. The campaign's clever tactics even involve an AI-assisted code commit to fly under the radar.

https://osintsights.com/ai-assisted-code-targets-crypto-wallets-via-malicious-npm-dependency?utm_source=mastodon&utm_medium=social

#MaliciousNpmDependency #AiassistedCode #CryptoWallets #FamousChollima #Apt37

Contagious Interview becomes a worm: Void Dokkaebi turns 750 repositories into self-propagating vectors against developers

The North Korean APT group Void Dokkaebi (Famous Chollima) has turned its fake job offers into a supply chain attack capable of propagating automatically: simply opening a cloned repository in VS Code is enough to trigger payloads hidden in manipulated commits. In March 2026, Trend Micro mapped more than 750 infected repositories, 500 malicious task.json files and C2 staging on Tron, Aptos and Binance Smart Chain.

https://insicurezzadigitale.com/contagious-interview-diventa-un-worm-void-dokkaebi-trasforma-750-repository-in-vettori-auto-propaganti-contro-gli-sviluppatori/

Tracking DPRK operator IPs over time
#FAMOUSCHOLLIMA
https://kmsec.uk/blog/dprk-opsec-3/

FAMOUS CHOLLIMA's temporary email usage leaks IP addresses (opsec mistakes part 3)

Interview with the Chollima V

This is getting sad already

Bitso Quetzal Team

Watch as North Korean hackers from the #FamousChollima group are caught using AI deepfakes and stolen identities in fake job interviews to infiltrate crypto and #Web3 firms.

Details: https://hackread.com/north-korean-hackers-video-ai-filter-fake-job-interview/

#CyberSecurity #CyberCrime #NorthKorea #Lazarus #Scam #AI

North Korean Hackers Caught on Video Using AI Filters in Fake Job Interviews

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

BeaverTail and OtterCookie evolve with a new Javascript module

Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK).

Cisco Talos Blog

Watch out as the North Korean hackers from the #FamousChollima group are using fake job offers to spread BeaverTail and OtterCookie malware, stealing crypto and credentials in a new attack.

Read: https://hackread.com/nk-famous-chollima-beavertail-ottercookie-malware/

#Cybersecurity #Malware #BeaverTail #OtterCookie #NorthKorea

NK’s Famous Chollima Use BeaverTail and OtterCookie Malware in Job Scam

Tech Note - BeaverTail variant distributed via malicious repositories and ClickFix lure - GitLab Security Tech Notes