{"id":23415,"date":"2025-04-25T12:24:35","date_gmt":"2025-04-25T09:24:35","guid":{"rendered":"https:\/\/forklog.com\/en\/north-korean-hackers-establish-fake-firms-to-deceive-users\/"},"modified":"2025-04-25T12:24:35","modified_gmt":"2025-04-25T09:24:35","slug":"north-korean-hackers-establish-fake-firms-to-deceive-users","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/north-korean-hackers-establish-fake-firms-to-deceive-users\/","title":{"rendered":"North Korean Hackers Establish Fake Firms to Deceive Users"},"content":{"rendered":"<p>The group Contagious Interview, linked to the North Korean hacking organization Lazarus, has registered three shell companies to distribute malware, according to a report by <a href=\"https:\/\/www.silentpush.com\/blog\/contagious-interview-front-companies\/\">Silent Push<\/a>.<\/p>\n<p>The companies BlockNovas, Angeloper Agency, and SoftGlide are used to deceive users through fake interviews.<\/p>\n<p>Senior analyst at Silent Push, Zach Edwards, stated that two of the fake companies are registered in the United States.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\u2026 and registered 2 of them as legitimate businesses in the United States. <\/p>\n<p>The front companies are: BlockNovas LLC, Angeloper Agency, and SoftGlide LLC <a href=\"https:\/\/t.co\/Fg8w8hwLyB\">pic.twitter.com\/Fg8w8hwLyB<\/a><\/p>\n<p>\u2014 Zach Edwards (@thezedwards) <a href=\"https:\/\/twitter.com\/thezedwards\/status\/1915490569662718329?ref_src=twsrc%5Etfw\">April 24, 2025<\/a><\/p><\/blockquote>\n<p>According to Silent Push, hackers create fake employee profiles using AI-generated images. 
They also steal photos of real people to enhance trust in their firms.<\/p>\n<p>Analysts reported that the perpetrators find victims through fake job postings on GitHub and freelance platforms.<\/p>\n<p>During the &#8220;interview,&#8221; the potential victim encounters a video recording error. The solution\u2014a &#8220;simple copy-paste trick&#8221;\u2014leads to malware installation.<\/p>\n<p>Silent Push identified three types of &#8220;contagious&#8221; software: BeaverTail, InvisibleFerret, and OtterCookie. These programs aim to steal information, including cryptocurrency wallet keys.<\/p>\n<p>According to Edwards, the hacking campaign has been ongoing since 2024, since the <span data-descr=\"Federal Bureau of Investigation\" class=\"old_tooltip\">FBI<\/span> dismantled the firm BlockNovas. Among the victims are well-known public figures, the expert noted.<\/p>\n<p>Back in March 2025, North Korean perpetrators <a href=\"https:\/\/forklog.com\/en\/news\/north-korean-hackers-exploit-zoom-to-target-crypto-entrepreneurs\">attacked<\/a> crypto entrepreneurs via Zoom.<\/p>\n<p>In April, hackers <a href=\"https:\/\/forklog.com\/en\/news\/hackers-exploit-zoom-to-steal-100000-from-emblem-vault-ceo\">stole<\/a> $100,000 from Jake Gallen, head of the NFT platform Emblem Vault.<\/p>\n<p>In the same month, Manta Network co-founder Kenny Li <a href=\"https:\/\/forklog.com\/en\/news\/manta-network-co-founder-evades-lazarus-groups-zoom-attack\">revealed<\/a> details of an attempted hack, allegedly orchestrated by Lazarus.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The group Contagious Interview, linked to the North Korean hacking organization Lazarus, has registered three shell companies to distribute malware, according to a report by Silent Push. The companies BlockNovas, Angeloper Agency, and SoftGlide are used to deceive users through fake interviews. 
Senior analyst at Silent Push, Zach Edwards, stated that two of the fake [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":23414,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1125,1202],"class_list":["post-23415","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-lazarus","tag-north-korea-dprk"],"aioseo_notices":[],"amp_enabled":true,"views":"45","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/23415","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=23415"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/23415\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/23414"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=23415"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=23415"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=23415"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}