By Interestana AI Editorial — AI-drafted, human-overseen. How we report
North Korean Hackers Hide Malware in SVG Images

North Korean threat actors, associated with the Contagious Interview campaign, are employing steganography within Scalable Vector Graphics (SVG) image files to conceal malicious payloads. This tactic is being used as part of a broader campaign that leverages fake job postings and coding challenges to entice victims. The objective is to deliver a multi-stage payload that aligns with the OTTERCOOKIE malware family.
When a user executes a project containing these malicious SVG files, they inadvertently initiate a four-stage payload. The initial stages are designed to steal browser credentials and cryptocurrency wallet information. Subsequent stages focus on exfiltrating other sensitive files from the compromised system. This method of embedding malware within seemingly innocuous image files represents a sophisticated approach to initial access and data theft.
The campaign specifically targets individuals seeking employment or participating in technical assessments, exploiting their engagement with these fake opportunities. The use of SVG files is particularly noteworthy, as these are vector-based image formats that can contain embedded code or scripts. By hiding the malicious code within the SVG structure, the threat actors aim to bypass traditional security measures that might flag executable files or scripts directly.
The OTTERCOOKIE malware is known for its capabilities in credential harvesting and cryptocurrency theft, making its deployment a significant threat to individuals and organizations. The Contagious Interview campaign's use of this advanced technique underscores the evolving tactics of state-sponsored cyber threats. Security researchers are advising users to exercise extreme caution when downloading and executing code from untrusted sources, even when presented in the guise of legitimate technical assessments or job applications.
Original source — read the full reporting at the publisher:
Read on The Hacker NewsGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.