The Contagious Interview campaign, run by North Korean threat actors, uses the cross-platform malware OtterCookie, which has recently been upgraded. As detailed by NTT Security Holdings, the actors introduced updated versions v3 and v4 in early 2025. The malware is designed to steal credentials and sensitive data from browsers and files, using vectors such as malicious npm packages or bogus videoconferencing apps. OtterCookie v4 notably extends this functionality with new modules targeting Google Chrome credentials and adds stealth by detecting VM environments, the mark of an advanced persistent threat.
OtterCookie v4 adds modules for stealing credentials from Google Chrome and extracting data from MetaMask, enhancing its capabilities beyond previous versions.
The continuous updates to OtterCookie demonstrate the persistent evolution of North Korean cyber threat actors, indicating a sophisticated approach to credential theft.