Alarms have been raised again: a recent cybersecurity report from Cisco Talos says that a new campaign by North Korean hackers is focused on stealing vulnerable digital assets. The attackers' malicious JavaScript code was linked to a rogue cryptocurrency application and an npm package, which were used to gain access to systems.
The malware is called ‘OtterCookie’ or BeaverTail, and it allows hackers to steal personal data, such as keystrokes, clipboard contents, screenshots, and browser-based crypto wallets like MetaMask. The attackers seem to be focusing on cryptocurrency users who have already stored or traded tokens on the Ethereum and Binance Smart Chain networks.
According to Cisco Talos, this campaign is a continuation of North Korea's use of cyber theft to finance government activities in the face of economic sanctions. The design of the malware indicates a high level of technical skill and a targeted approach to finance-related victims.
The attackers usually trick victims by offering fake remote employment or freelance jobs. The malicious JavaScript payload is triggered when a user downloads the supplied files or applications. Once executed, it installs the OtterCookie malware and permits unauthorized access to sensitive information.
The gathered information, which includes wallet credentials and seed phrases, is then sent to the attackers' servers. This allows them to empty the digital wallets and access other stored financial information. Researchers say that the malware may also remain inactive in the initial stages to avoid detection, so victims may find it hard to tell that they have been compromised.
Cybersecurity specialists suggest that users should not download any code or applications that have not been verified. Running untrusted software inside a virtual machine or a container can significantly reduce exposure to such threats.
According to reports by TechCrunch and blockchain analytics firm Elliptic, North Korean hackers have stolen on the order of 2 billion USD of cryptocurrency to date in 2025. The amount of stolen digital assets associated with the country has reached approximately 6 billion since 2017.
Users who believe they have been exposed should withdraw their funds as soon as possible and revoke token approvals on wallets that have been compromised. Reformatting the affected devices and installing a new operating system is also recommended in order to remove traces of malware that might be hidden. Cybersecurity experts underscore that awareness and strong digital hygiene are the major factors in stopping future attacks.