DPRK Hackers Target Crypto Jobs With BeaverTail Lure

Threat actors linked to North Korea have deployed deceptive job scams to deliver malware into cryptocurrency and retail companies, according to new findings. The campaign used ClickFix-style lures to target marketing and trader roles, avoiding the typical focus on software developers. DPRK hackers target crypto naturally through these socially engineered schemes, exploiting job-seeking platforms to distribute malicious payloads.

Researchers identified two strains of malware—BeaverTail and InvisibleFerret—embedded within fake job application processes. The attackers crafted convincing ClickFix documents to prompt victims to interact with malicious links or files, enabling the malware to infiltrate systems. This method reflects a shift in tactics, aiming at business-side roles with access to sensitive financial tools or data.

Analysts noted that DPRK hackers target crypto naturally by aligning their schemes with industry hiring trends, increasing the likelihood of success. Security teams in both the crypto and retail sectors are urged to increase awareness and defenses.

https://thehackernews.com/2025/09/dprk-hackers-use-clickfix-to-deliver.html