North Korean Hackers Are Using New Tricks to Spread Dangerous Malware


Threat groups tied to North Korea have been caught using a new scam tactic called ClickFix to spread malicious software. Security researchers recently discovered that these hackers are no longer just targeting software developers. Instead, they are now aiming at people in marketing and trading roles, especially in the cryptocurrency and retail sectors.

What’s Happening

The hackers use fake job or task invitations to lure victims into clicking links. These links trigger malware downloads disguised as harmless files. Two of the main malicious programs are:

  • BeaverTail: Steals information from a victim’s computer. It can also download more malware.
  • InvisibleFerret: A hidden “backdoor” that lets hackers secretly access and control a computer.

Both programs have been part of a long-running campaign known as Contagious Interview (also called Gwisin Gang). This campaign often tricks victims by pretending to be part of a job interview or skills test.

How the Malware Spreads

  • Through fake job assessments sent to unsuspecting professionals.
  • Through malicious npm packages (used by developers).
  • Via fake video conferencing apps such as FCCCall and FreeConference.
  • Now, through ClickFix lures, which push users to “fix” fake problems by clicking links.

These attacks have evolved to also use compiled files that work on Windows, macOS, and Linux, making them more dangerous and harder to avoid.

Why This Is a Big Deal

  1. Broader targeting: It’s not just software engineers anymore. Regular office staff in marketing, trading, or retail could be tricked.
  2. Data theft: The malware can steal sensitive business information, personal logins, and financial data.
  3. System takeover: Once installed, hackers can remotely control a victim’s computer.
  4. Multi-platform reach: Attacks now work across different operating systems, so no one is “safe” just because they use a Mac or Linux system.

What You Can Do

  • Be cautious of unexpected job offers or interview requests online.
  • Avoid clicking on links or downloading files from unknown senders.
  • Double-check video conferencing apps and software sources before installing.
  • Keep systems updated and use security tools that can spot suspicious activity.
  • Companies should train staff in phishing awareness and set up layered defenses.

The Bottom Line

North Korean hackers are adapting their tactics to fool a wider range of workers. Their goal is to steal information and gain access to systems that could benefit their state-sponsored operations. By knowing how these scams work and staying alert, both individuals and businesses can reduce their risk of becoming victims.
