Lazarus Group Embed New BeaverTail Variant in Developer Tools

On Thursday, December 18, 2025, cybersecurity firm Darktrace released new research regarding a dangerous new variant of BeaverTail malware, a JavaScript-based information stealer.

Linked to North Korea’s notorious Lazarus Group, the software is part of an increasingly aggressive campaign targeting the financial and cryptocurrency sectors. The research, which was shared with Hackread.com, is part of Darktrace’s latest report, The State of Cybersecurity.

According to researchers, the software often spreads through fake job offers. Hackers pose as recruiters and lure developers or crypto traders into “technical interviews” that require downloading tools like MiroTalk or FreeConference. In reality, these are traps designed to compromise the victim’s system.

A History of Evolution

It is worth noting that BeaverTail isn’t new; it has been active since 2022, but it has undergone a massive transformation. Hackread.com previously noted in October 2025 that BeaverTail was beginning to merge with another ...