#Malcat tip #10: analysing backdoored clean software can be hard.

A quick win is to pivot around known constants, thanks to Malcat's 400k+ constants DB (here a #Tropidoor dlder):

BeaverTail and Tropidoor Malware Distributed via Recruitment Emails
#UNC5342 #BeaverTail #Tropidoor
https://asec.ahnlab.com/en/87299/
BeaverTail and Tropidoor Malware Distributed via Recruitment Emails - ASEC

On November 29, 2024, a case was disclosed in which threat actors impersonated a recruitment email from a developer community called Dev.to to distribute malware. [1] In this case, the attacker provided a BitBucket link containing a project, and the victim discovered malicious code within the project and disclosed it to the community. The project […]

ASEC
Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how threat actors.

GBHackers Security
"BeaverTail and Tropidoor Malware Distributed via Recruitment Emails" published by Ahnlab. #BeaverTail, #Tropidoor, #DPRK, #CTI https://asec.ahnlab.com/en/87299/
"Analysis of a Phishing Attack Case Disguised as a Recruitment Email (BeaverTail, Tropidoor)" published by Ahnlab. #BeaverTail, #Tropidoor, #DPRK, #CTI https://asec.ahnlab.com/ko/87227/
Analysis of a Phishing Attack Case Disguised as a Recruitment Email (BeaverTail, Tropidoor) - ASEC

On November 29, 2024, a case was disclosed in a developer community named Dev.to in which malware was distributed under the guise of a job posting email, as follows. [1] In that case, the attacker delivered a BitBucket link containing a project, and the victim found that malicious code was included inside the project and disclosed it to the community. Inside the project was the BeaverTail malware, present under the name "tailwind.config.js", together with a downloader malware named "car.dll".   Figure 1. The attack disclosed in the developer community […]

ASEC