importantSYS.SOURCE: The Hacker News• 2026-07-17T19:18:56+05:30
North Korean Hackers Exploit SVG Images to Deploy OtterCookie Malware via Fake Coding Tests
North Korean threat actors are using steganography in SVG flag images to hide OtterCookie-aligned malware within fake coding tests targeting developers. The malware employs a four-stage payload to steal credentials, files, and cryptocurrency data, leveraging social engineering via job postings and compromised repositories.
North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges.
"Any user who ran the project ended up with a four-stage payload aligned with OTTERCOOKIE: a browser credential and crypto wallet stealer, a file stealer, a
*** END OF TRANSMISSION ***