North Korean Hackers Establish Fake Firms to Deceive Users

The group Contagious Interview, linked to the North Korean hacking organization Lazarus, has registered three shell companies to distribute malware, according to a report by Silent Push.

The companies BlockNovas, Angeloper Agency, and SoftGlide are used to deceive users through fake interviews.

Senior analyst at Silent Push, Zach Edwards, stated that two of the fake companies are registered in the United States.

… and registered 2 of them as legitimate businesses in the United States.

The front companies are: BlockNovas LLC, Angeloper Agency, and SoftGlide LLC pic.twitter.com/Fg8w8hwLyB

— Zach Edwards (@thezedwards) April 24, 2025

According to Silent Push, hackers create fake employee profiles using AI-generated images. They also steal photos of real people to enhance trust in their firms.

Analysts reported that the perpetrators find victims through fake job postings on GitHub and freelance platforms.

During the “interview,” the potential victim encounters a video recording error. The solution—a “simple copy-paste trick”—leads to malware installation.

Silent Push identified three types of “contagious” software: BeaverTail, InvisibleFerret, and Otter Cookie. These programs aim to steal information, including cryptocurrency wallet keys.

According to Edwards, the hacking campaign has been ongoing since 2024, since the FBI dismantled the firm Blocknovas. Among the victims are well-known public figures, the expert noted.

Back in March 2025, North Korean perpetrators attacked crypto entrepreneurs via Zoom.

In April, hackers stole $100,000 from Jake Gallen, head of the NFT platform Emblem Vault.

In the same month, Manta Network co-founder Kenny Li revealed details of an attempted hack, allegedly orchestrated by Lazarus.