Slow Mist CISO: Beware of the new attack tool OtterCookie from the Lazarus APT organization

Gate News bot message, Slow Mist's Chief Information Security Officer (CISO) 23pds posted on social media, warning about a new type of attack tool from the Lazarus APT organization — OtterCookie.

Recently, Slow Fog received intelligence that the Lazarus APT (Advanced Persistent Threat) organization is using a new type of information-stealing malware called OtterCookie to launch targeted custom attacks against professionals in the finance and cryptocurrency industries.

Overview of Attack Methods: • Attackers disguise themselves as well-known companies, luring victims into video calls under the pretense of investment and fake interviews; • Use deepfake technology to forge the image of investors or interviewers, enhancing deception; • Inducing victims to download and run malicious programs disguised as "coding challenges" or "video software updates"; •Once executed, the OtterCookie malware begins to steal critical sensitive information.

The targets of theft include: •Login credentials stored in the browser; •Passwords and certificates stored in the macOS Keychain; •Locally stored encrypted assets, wallet information, and private key data.

Safety Recommendations: •Be cautious of any unverified investment, recruitment requests, or remote interview invitations; •Do not run binaries from unknown sources, especially so-called "challenge problems" or "upgrade patches"; • Strengthen terminal detection and response capabilities, install necessary antivirus software, and regularly check for abnormal communications and behaviors.