A subgroup of Lazarus, the North Korean state-linked hacker collective, has been exposed for setting up three fake crypto consulting firms to infect developers with malware. According to Silent Push, these shell companies—BlockNovas, Angeloper Agency, and SoftGlide—are part of a campaign to lure developers through fraudulent job interviews.
Two of these companies are even legally registered in the U.S., adding a layer of legitimacy. During the interview, applicants receive a fake error message while trying to record a video, leading them to copy-paste a fix that actually installs malware.
Malware Targets Wallet Keys and Clipboard Data
The campaign uses three malware strains: BeaverTail, InvisibleFerret, and OtterCookie. BeaverTail is designed for initial compromise and further payload delivery, while OtterCookie and InvisibleFerret focus on extracting crypto wallet keys and clipboard contents.
Silent Push also discovered that hackers are using AI-generated images and stolen real photos to create fake employee profiles for the companies, boosting credibility. Analyst Zach Edwards noted that some images were subtly altered using AI tools to resemble the original person but appear unique.
The campaign has been active since 2024, and at least two developers were directly affected—one of whom had their MetaMask wallet compromised. The FBI has since shut down BlockNovas, but SoftGlide and other parts of the operation remain online.