North Korea’s OtterCookie Malware Added a New Feature to Attack Windows, Linux, and macOS
gbhackers

A North Korea-linked attack group, known as WaterPlum (also referred to as Famous Chollima or PurpleBravo), has been actively targeting financial institutions, cryptocurrency operators, and FinTech companies globally.
Since 2023, their infamous Contagious Interview campaign has utilized malware such as BeaverTail and InvisibleFerret to infiltrate systems.
However, in September 2024, WaterPlum introduced a sophisticated new malware dubbed “OtterCookie,” which has since undergone rapid updates.
First detailed in a December 2024 blog, OtterCookie has evolved through multiple versions (v1 to v4) with enhanced capabilities, as observed in attacks up to April 2025.
This persistent threat demonstrates the group’s determination to refine their toolkit, targeting a wide range of operating systems including Windows, Linux, and macOS, with a clear focus on data theft and system espionage.
Technical Advancements
According to the report, OtterCookie’s evolution showcases WaterPlum’s adaptability and technical prowess.
The initial version (v1) was limited to a basic ...
Copyright of this story solely belongs to gbhackers.