The North Korea-linked hacking group Lazarus is reportedly using a new malware strain called OtterCookie to target people working in crypto and finance.
According to a June 6 alert posted to X by Web3 security company SlowMist, the group reportedly delivers the stealer malware through fake job interviews, deepfake recruiter videos and malware-laced coding challenges. OtterCookie can extract browser-stored credentials, macOS Keychain passwords, digital certificates, and private keys from crypto wallets.
SlowMist Security Alert🚨
SlowMist recently received intelligence indicating that the Lazarus APT group is using a new stealer called OtterCookie in its targeted attacks on crypto & finance pros.
🎭Tactics:
– Fake job interview/investor call
– Deepfake videos to impersonate…
– SlowMist (@slowmist_team) June 6, 2025
Attackers can quietly steal sensitive data from targeted systems, especially macOS machines. Because the attackers rely on highly targeted social engineering rather than large-scale exploits, the tactic is gaining traction.
The latest malware appears to be part of the Lazarus Group's ongoing efforts to infiltrate the cryptocurrency industry. The group was responsible for the historic $1.5 billion Bybit hack in February, where they gained access to cold wallet signers through social engineering and spear phishing.
In recent months, Lazarus has launched npm package attacks targeting developer environments and wallet infrastructure, including Solana (SOL) and Exodus. In April, the FBI and cybersecurity company Silent Push seized a fake website used by Lazarus, known as "BlockNovas."
According to SlowMist, crypto professionals should be careful when dealing with unsolicited job or investment offers, especially if they are asked to download files or take part in video calls with strangers. Users should strengthen endpoint detection and response and should not run unknown binaries. Additionally, systems should be checked periodically for abnormal activity.
So far, the crypto industry has taken heavy hits from high-profile hacks. Losses in the first quarter reached more than $1.6 billion, and this trend appears to be continuing. PeckShield estimates that total losses from hacks in May were $244.1 million. The two major incidents were the $220 million Cetus Protocol hack and an additional $12 million Cork Protocol exploit.