Symbol: js.beavertail
Common name: BeaverTail

BeaverTail is JavaScript malware distributed primarily through NPM packages. It is designed to steal information and to load further malware stages, specifically a multi-stage Python-based backdoor known as InvisibleFerret. BeaverTail targets cryptocurrency wallets and credit card information stored in the victim's web browsers. Its code is heavily obfuscated to evade detection. Threat actors can either upload malicious NPM packages containing BeaverTail to GitHub or inject BeaverTail code into legitimate NPM projects. Researchers have identified additional Windows and macOS variants, indicating that the BeaverTail malware family is likely still under development.

References
2024-11-14 | Palo Alto | Unit 42
Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack
BeaverTail InvisibleFerret WageMole
2024-11-14 | eSentire | eSentire
Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2
BeaverTail InvisibleFerret
2024-11-04 | Zscaler | Zscaler
From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
BeaverTail InvisibleFerret WageMole
2024-11-04 | Israel National Cyber Directorate (INCD) | Israel National Cyber Directorate (INCD)
Deep Drive Analysis of the BeaverTail Infostealer
BeaverTail
2024-10-29 | Macnica | Hiroshi Takeuchi
Job Offer from the North: Contagious Interview for Software Developers
BeaverTail InvisibleFerret
2024-10-29 | SecurityScorecard | SecurityScorecard STRIKE Team
The Job Offer That Wasn’t: How We Stopped an Espionage Plot
BeaverTail InvisibleFerret
2024-10-24 | Datadog | Datadog
Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview
BeaverTail InvisibleFerret
2024-09-10 | Stacklok | Stacklok
Dependency hijacking: Dissecting North Korea’s new wave of DeFi-themed open source attacks targeting developers
BeaverTail InvisibleFerret
2024-09-04 | Group-IB | Sharmine Low
APT Lazarus: Eager Crypto Beavers, Video calls and Games
BeaverTail
2024-07-31 | Securonix | Securonix
Research Update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering
BeaverTail
2024-05-10 | Qianxin Threat Intelligence Center | Threat Intelligence Center
Recruitment trap for blockchain practitioners: Analysis of suspected Lazarus (APT-Q-1) stealing operations
BeaverTail
2024-03-24 | Securonix | Securonix
Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors
BeaverTail
2023-11-21 | Palo Alto Networks Unit 42 | Unit 42
Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors
BeaverTail InvisibleFerret WageMole

There is no Yara-Signature yet.