| SYMBOL | COMMON_NAME | aka. SYNONYMS |
HexagonalRodent targets Web3 developers to steal crypto assets, employing social engineering tactics such as fake job offers. They utilize malware like BeaverTail and OtterCookie, both NodeJS-based toolkits, and InvisibleFerret, a Python-based RAT, to execute their attacks. Their TTPs include backdooring skills assessments via VSCode's tasks.json feature and conducting opportunistic exfiltration of credentials and crypto wallets. The group has also engaged in a supply chain attack, compromising the 'fast-draft' VSX extension to install malware.
There are currently no families associated with this actor.
| 2026-04-22
⋅
Expel
⋅
Inside Lazarus: How North Korea uses AI to industrialize attacks on developers BeaverTail OtterCookie InvisibleFerret HexagonalRodent |