North Korean hackers develop advanced JS malware using BeaverTail and OtterCookie
North Korean hackers are stepping up their game by merging two of their malware programs, BeaverTail and OtterCookie, into a more advanced threat. Cisco Talos recently reported that the notorious group, linked to the Contagious Interview campaign, is refining its toolset, making the malware even trickier to detect. The latest version of OtterCookie now includes modules for keylogging and taking screenshots, which is a significant upgrade.
This activity is tied to a cluster of threat actors that go by a bunch of names, including CL-STA-0240 and Famous Chollima. Meanwhile, Google and Mandiant revealed the hackers are using a stealthy technique called EtherHiding, allowing them to fetch payloads without raising alarms. If you’re in the cybersecurity world, keeping an eye on these developments is crucial; it’s clear these hackers are not slowing down anytime soon.