Contagious Interview Campaign — A Phishing Methodology
Summary
North Korean cyber criminals are using a social engineering attack known as ‘Contagious Interview’ to target software developers and IT professionals in a phishing campaign.
Once the victim has been enticed to apply for the position, they are asked to participate in a Skype interview, during which they are asked questions and sent a malware-laced executable.
If the victim downloads and runs the executable, their machine will be infected and the malware will phone home to its controllers.
The malware, written in Go, collects basic system information and sends it to the attacker’s command and control (C2) server, which responds with further instructions.
These instructions include AUTO_CHROME_GATHER, which finds Chrome directories and exfiltrates files containing sensitive data, such as usernames and passwords.
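A detection sketch for the Chrome file collection described above, added here as an example and not taken from the campaign reporting: it flags any non-browser process that touches Chrome's credential and cookie stores. The JSON event schema (`ts`, `image`, `target`), the process allowlist and the sample events are assumptions constructed for illustration.

```python
import json
import re

# Chrome profile files holding saved logins, cookies, autofill data and the key protecting them.
SENSITIVE_FILES = {"login data", "cookies", "web data", "local state"}
# Chrome per-user data roots on Windows, macOS and Linux (separators normalised to "/").
CHROME_ROOT = re.compile(
    r"/appdata/local/google/chrome/user data/"
    r"|/library/application support/google/chrome/"
    r"|/\.config/google-chrome/")
# Assumption: only the browser's own binaries are expected to read these files.
BROWSER_IMAGES = {"chrome.exe", "chrome", "google chrome", "google chrome helper"}

def norm(path):
    """Lower-case a path and use forward slashes so one rule set covers every OS."""
    return path.replace("\\", "/").lower()

def is_suspicious(event):
    """True when a non-browser process touches a sensitive Chrome profile file."""
    target, image = norm(event["target"]), norm(event["image"])
    if not CHROME_ROOT.search(target):
        return False
    if target.rsplit("/", 1)[-1] not in SENSITIVE_FILES:
        return False
    return image.rsplit("/", 1)[-1] not in BROWSER_IMAGES

def scan(lines):
    """Return (ts, image, target) for every suspicious event; skip malformed records."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
            if is_suspicious(event):
                hits.append((event["ts"], event["image"], event["target"]))
        except (ValueError, KeyError, TypeError, AttributeError):
            continue
    return hits

# Constructed sample telemetry (hypothetical hosts, users and process names).
SAMPLE = [json.dumps(e) for e in (
    {"ts": "t1", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\dev\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": "t2", "image": r"C:\Users\dev\Downloads\interview_tool.exe",
     "target": r"C:\Users\dev\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": "t3", "image": "/tmp/updater",
     "target": "/home/dev/.config/google-chrome/Default/Cookies"},
    {"ts": "t4", "image": "/usr/bin/vim", "target": "/home/dev/notes/cookies"},
)] + ["not json"]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("ALERT", *hit)
```

Matching on the process file name alone is weak, since any binary can be named `chrome.exe`; a production rule should also check the image's install path or code signature, and allowlist legitimate backup and endpoint-security agents.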