North Korean threat actors are deploying new malware, OtterCookie, in the Contagious Interview campaign targeting software developers with fake job offers. Active since December 2022, the campaign also uses BeaverTail and InvisibleFerret malware. OtterCookie, introduced in September with a new variant in November, is delivered via infected Node.js projects, npm packages, or applications like Qt and Electron. It communicates with its C2 server using WebSocket, enabling data theft, including cryptocurrency wallet keys and clipboard data. Developers are advised to verify potential employers and avoid running untrusted code on their devices.

‍