{"id":2268,"date":"2025-06-06T10:26:53","date_gmt":"2025-06-06T10:26:53","guid":{"rendered":"https:\/\/bitunikey.com\/news\/lazarus-group-targets-crypto-professionals-with-new-ottercookie-malware\/"},"modified":"2025-06-06T10:26:53","modified_gmt":"2025-06-06T10:26:53","slug":"lazarus-group-targets-crypto-professionals-with-new-ottercookie-malware","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/lazarus-group-targets-crypto-professionals-with-new-ottercookie-malware\/","title":{"rendered":"Lazarus Group targets crypto professionals with new \u2018OtterCookie\u2019 malware"},"content":{"rendered":"<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">North Korea-linked hacking group Lazarus is reportedly using a new malware strain called OtterCookie to target people working in crypto and finance.<\/p>\n<p>According to a June 6 alert posted on X by web3 security firm SlowMist, the group is using fake job interviews, deepfake recruiter videos, and malware-laced coding challenges to deliver the stealer malware. 
OtterCookie can extract browser-stored credentials, macOS Keychain passwords, digital certificates, and private keys from crypto wallets.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8SlowMist Security Alert\ud83d\udea8 <\/p>\n<p>SlowMist recently received intelligence indicating that the Lazarus APT group is using a new stealer called OtterCookie in targeted attacks on crypto &amp; finance pros.<\/p>\n<p>\ud83c\udfadTactics:<br \/>&#8211; Fake job interviews\/investor calls<br \/>&#8211; Deepfake videos to impersonate\u2026<\/p>\n<p>&mdash; SlowMist (@SlowMist_Team) <a href=\"https:\/\/twitter.com\/SlowMist_Team\/status\/1930817168478007582?ref_src=twsrc%5Etfw\">June 6, 2025<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>The malware enables attackers to quietly steal confidential data from targeted systems, especially macOS machines. The tactic is gaining traction as attackers rely less on large-scale exploits and more on highly targeted, social-engineering-based methods.<\/p>\n<p>The latest malware appears to be part of Lazarus Group\u2019s continuous efforts to penetrate the cryptocurrency industry. The group was responsible for February\u2019s historic $1.5 billion Bybit hack, in which they obtained cold wallet signers through social engineering and spear phishing.<\/p>\n<p>In recent months, Lazarus has also launched npm package attacks aimed at developer environments and wallet infrastructure, including Solana (SOL) and Exodus. 
In April, the FBI and cybersecurity firm Silent Push seized a fake website used by Lazarus, known as \u201cBlocknovas,\u201d which posed as a U.S.-based tech company to deliver malware through job scams.<\/p>\n<p>According to SlowMist, crypto professionals should exercise caution when responding to unsolicited job or investment offers, particularly if they require downloading files or participating in video calls with strangers. Users should improve endpoint detection and response, refrain from running unknown binaries, and routinely check systems for unusual activity.<\/p>\n<p>So far this year, the crypto industry has taken the heaviest hit as a result of high-profile hacks. Q1 losses amounted to more than $1.6 billion, and the trend seems to be continuing. PeckShield estimates that losses from hacks <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/peckshieldalert\/status\/1929000323454218316?s=46&amp;t=nznXkss3debX8JIhNzHmzw\">totaled<\/a> $244.1 million in May. Two significant events were the $220 million Cetus Protocol hack and another $12 million Cork Protocol exploit.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>North Korea-linked hacking group Lazarus is reportedly using a new malware strain called OtterCookie to target people working in crypto and finance. 
According to a June 6 alert posted on&hellip;<\/p>\n","protected":false},"author":1,"featured_media":614,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2268","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/2268","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=2268"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/2268\/revisions"}],"predecessor-version":[{"id":2269,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/2268\/revisions\/2269"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/614"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=2268"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=2268"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=2268"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}