Evolving with a new JavaScript module
released on 2025-10-16 @ 10:49:26 AM
A new attack linked to Famous Chollima, a North Korean threat group, has been uncovered. The group impersonates hiring organizations to target job seekers, tricking them into installing malware that steals cryptocurrency and credentials. In this incident, a system was compromised through a trojanized Node.js application called 'Chessfi'. The attackers use two evolving tools, BeaverTail and OtterCookie, which now include a new module for keylogging and taking screenshots. A malicious VS Code extension containing BeaverTail and OtterCookie code was also discovered, suggesting potential new delivery methods. The malware's functionality has also expanded to include file uploading and theft of cryptocurrency extensions, targeting multiple browsers and wallets.