Bad actors use fake cryptocurrency firm names to spread malware by luring job seekers into interviews. Contagious Interview, a subgroup of the notorious North Korean state-sponsored APT group, Lazarus, reportedly spread malware in its latest campaign by using three cryptocurrency consulting agency names.
Silent Push, a cybersecurity firm, reported: “In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry—BlockNovas LLC (blocknovas[.]com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co)—to spread malware via ‘job interview lures.’”
The imposters posted fake job offers on reputable sites like CryptoJobsList.com, CryptoTask.org, and many other recruitment sites and spread malware like “BeaverTail, InvisibleFerret, and OtterCookie to enable remote access and data theft.” Once the unsuspecting victim applies for the job, the applicant receives what looks like an interview-related file; however, the file contains the malware that helps the hackers access confidential and sensitive information.
Furthermore, to make the front companies look more legitimate and trustworthy, Contagious Interview used AI-generated images for profile pictures and used online platforms such as GitHub and reputable job sites.
Meanwhile, in a different incident, hackers reportedly used fake phones with malware already installed to drain crypto wallets. On the outside, these Android phones look brand new and genuine; however, they came pre-installed with the latest version of the Triada Trojan. Kaspersky researchers reported that this campaign mainly impacts Russian users, with at least 2,600 confirmed infections from March 13 to 27, 2025, based on visibility from its mobile protection tools.
Commenting on the capabilities of the new version of the Triada Trojan embedded in the firmware of fake Android smartphones, Kaspersky stated, “It can attack any application running on the device. This gives the Trojan virtually unlimited capabilities. It can control text messages and calls, steal crypto, download and run other applications, replace links in browsers, surreptitiously send messages in chat apps on your behalf, and hijack social media accounts.”