“OtterCookie” Malware Nibbles at Developers in “Contagious Interview” Campaign
Cybersecurity researchers at NTT Security Japan have issued a warning about a new malware strain dubbed “OtterCookie” that’s targeting software developers. This sneaky malware is the latest addition to the arsenal of the “Contagious Interview” campaign, which has been active since December 2022 and is known for deploying other malicious tools like BeaverTail and InvisibleFerret.
OtterCookie, first detected in September 2024, uses a clever trick to infiltrate systems. It hides within seemingly innocuous files, such as Node.js projects, npm packages, and applications built on frameworks like Qt or Electron. These files, often downloaded from popular platforms like GitHub and Bitbucket, contain a loader that executes malicious JavaScript code hidden within the “cookie” property.
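The loader behaviour described above can be turned into a review check to run on an unfamiliar project before executing it. The following is an added example, not code from NTT Security or from the original article: a heuristic scanner that flags source text where a value read from a property named "cookie" reaches a dynamic-execution call. The list of execution calls, the one-level variable tracking, and the sample sources are assumptions made for illustration.

```javascript
// Added example: heuristic scanner for the loader pattern described above.
// It flags source text where a value read from a property named "cookie"
// reaches a dynamic-execution sink. Sink list and samples are assumptions.
const SINK = /\b(eval|Function|vm\.runIn(?:This|New)Context|vm\.Script)\s*\(([^)]*)\)/g;
const COOKIE_PROP = /\.cookie\b|\[\s*['"]cookie['"]\s*\]/;
const ASSIGN = /\b(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*([^;\n]+)/g;

function scanSource(file, text) {
  // Pass 1: one-level taint, variables assigned from a "cookie" property.
  const tainted = new Set();
  for (const m of text.matchAll(ASSIGN)) {
    if (COOKIE_PROP.test(m[2])) tainted.add(m[1]);
  }
  // Pass 2: report sinks whose argument is that property or a tainted name.
  const findings = [];
  text.split('\n').forEach((line, idx) => {
    for (const m of line.matchAll(SINK)) {
      const [, sink, arg] = m;
      const viaVar = arg.split(/[^\w$.]+/).find((t) => tainted.has(t));
      if (COOKIE_PROP.test(arg)) {
        findings.push({ file, line: idx + 1, sink, via: 'property' });
      } else if (viaVar) {
        findings.push({ file, line: idx + 1, sink, via: `variable ${viaVar}` });
      }
    }
  });
  return findings;
}

// Constructed sample sources (inert strings, never executed here).
const SAMPLES = {
  'direct.js': "const res = JSON.parse(body);\neval(res.cookie);\n",
  'indirect.js': "const code = reply.data['cookie'];\nnew Function('require', code)(require);\n",
  // Reads a cookie header and uses eval on a constant: neither alone is a hit.
  'benign.js': "const sid = req.headers.cookie;\nlog(sid.length);\nconst n = eval('1 + 1');\n",
};

function scanAll(samples) {
  return Object.entries(samples).flatMap(([file, text]) => scanSource(file, text));
}

for (const f of scanAll(SAMPLES)) {
  console.log(`${f.file}:${f.line} ${f.sink}() fed from "cookie" ${f.via}`);
}
```

A hit is a prompt for manual review, not a verdict; obfuscated or minified code can evade a line-based pattern like this one.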
Once activated, OtterCookie establishes a connection with a command-and-control server and gets to work stealing valuable data. This includes sensitive information like cryptocurrency wallet keys, documents, and images. Interestingly, the malware has evolved since its initial appearance. The September version had a built-in function to search for Ethereum keys, while the updated November variant focuses on remote command execution, demonstrating the attackers’ adaptability.
Adding to the concern, OtterCookie can also intercept clipboard data and execute reconnaissance commands, suggesting that it’s laying the groundwork for further system compromise.
Experts recommend that developers exercise caution when receiving job offers, thoroughly vet potential employers, and never execute unfamiliar code on their devices. Staying vigilant and informed is crucial in the face of ever-evolving cyber threats.