banner1
Logo Blinking Image
banner2

HOME
MagazineCoverage

North Korean Hackers Up Their Game with AI and Tricky Lures

by VARINDIA 2025-09-25
North Korean Hackers Up Their Game with AI and Tricky Lures

North Korean state-sponsored hackers are evolving their cybercrime tactics, moving beyond traditional espionage to focus on financial theft and disruptive attacks. According to a recent investigation by GitLab Threat Intelligence, these threat actors are now using sophisticated tools like AI-generated deepfake identities and deceptive "ClickFix" error prompts to trick their victims.

The latest campaigns detailed by researchers use a clever social engineering technique:

  • Fake Job Interviews: Hackers create sham recruitment portals, often targeting individuals in marketing and crypto-trading roles. During a supposed "video assessment," a fake technical error prompt appears, urging the victim to run a system command.
  • New Malware: This prompt then secretly delivers two pieces of malware: BeaverTail, a leaner, more effective JavaScript stealer that targets web browsers, and InvisibleFerret, a Python-based backdoor. This new version of BeaverTail is more stealthy, with multi-platform support for Windows, macOS, and Linux.

The report notes a significant increase in these attacks, with approximately 230 victims identified between January and March 2025 alone. The targets included applicants to major financial companies like Robinhood and eToro.

Researchers also highlight how different North Korean hacker groups are adapting their strategies:

  • ScarCruft (APT37): This group has shifted its focus to financial gain. They are now using a new, Rust-based Windows implant called CHILLYCHINO, which is paired with FadeStealer to capture keylogs, screenshots, and audio. The use of ransomware alongside their spying tools suggests a new, blended approach to cybercrime.

  • Kimsuky (APT43): This group is leveraging AI to create deepfake military IDs for spear-phishing campaigns. These fake IDs are used to target officials, journalists, and activists in defense-themed attacks. They also use fake CAPTCHA gates to deploy malware or steal user credentials.

North Korean cyber operators are becoming more adaptable and harder to track. They are quickly rotating their infrastructure, modernizing their tools with languages like Python and Rust, and weaponizing AI for more effective attacks.

Organizations, especially those in the cryptocurrency, defense, and retail sectors, need to strengthen their defenses against these new threats. It is critical to train employees to recognize deceptive lures, such as fake job applications and "ClickFix" pop-ups, and to monitor for unusual traffic, particularly on platforms like GitHub.

er

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Commvault and BeyondTrust collaborate for Privilege Access Management

Commvault and BeyondTrust collaborate for Privilege Access Management

From Vulnerable to Vigilant: Videonetics' AI-Driven Vision for Securing India's Critical Infrastructure

From Vulnerable to Vigilant: Videonetics' AI-Driven Vision for Securing India's Critical Infrastructure

Palo Alto Networks Launches AI-Powered Ad Campaign

Palo Alto Networks Launches AI-Powered Ad Campaign

SOFTWARE
View All
Google Gemini to bring AI agents for Mac and Windows in Chrome

Google Gemini to bring AI agents for Mac and Windows in Chrome

MongoDB extends search and vector search capabilities to self-managed offerings

MongoDB extends search and vector search capabilities to self-managed offerings

OnGrid sets benchmark in workplace trust with 40% of India’s organized sector employees verified through its background verification platform

OnGrid sets benchmark in workplace trust with 40% of India’s organized sector employees verified through its background verification platform

START - UP
View All
Ex-Twitter CEO Parag Agrawal Unveils AI-Focused Startup Parallel Web Systems

Ex-Twitter CEO Parag Agrawal Unveils AI-Focused Startup Parallel Web Systems

Travel tech startup Teleport acquired by StampMyVisa

Travel tech startup Teleport acquired by StampMyVisa

Tally Solutions launches ‘Startup Challenge’ to boost innovation in manufacturing tech

Tally Solutions launches ‘Startup Challenge’ to boost innovation in manufacturing tech

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

wew
wrdf
Start-Up and Unicorn Ecosystem
Intel Courts Apple Investment as Talks Explore Deeper Ties

Intel Courts Apple Investment as Talks Explore Deeper Ties

North Korean Hackers Up Their Game with AI and Tricky Lures

North Korean Hackers Up Their Game with AI and Tricky Lures

How Generative AI is Redefining Growth Marketing

How Generative AI is Redefining Growth Marketing

Turning AI Hype into Real Business Outcomes

Turning AI Hype into Real Business Outcomes

How Agentic AI & BFSI: Shaping the Future of Smarter Finance

How Agentic AI & BFSI: Shaping the Future of Smarter Finance

Indian Tech Workers Hit by Trump’s $100K H-1B Fee

Indian Tech Workers Hit by Trump’s $100K H-1B Fee

Warning: Money Mule Fraud Alert !

Warning: Money Mule Fraud Alert !

The Rise of SOC Agents: An AI Gamble

The Rise of SOC Agents: An AI Gamble

Albania Appoints Diella: World’s First AI Minister to Fight Corruption

Albania Appoints Diella: World’s First AI Minister to Fight Corruption

SoupDealer: The Malware That Slips Past Antivirus Defenses

SoupDealer: The Malware That Slips Past Antivirus Defenses

dsf