Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
North Korean Malware Evades Detection with New Tactics

North Korean Malware Evades Detection with New Tactics

Posted on May 25, 2026 By CWS

A notorious North Korean hacking group has enhanced its stealth capabilities by modifying one of its most notorious cyber tools, making it more difficult for cybersecurity software to identify. The malware, known as InvisibleFerret, is linked to the threat actor Void Dokkaebi, also referred to as Famous Chollima. It has been repackaged into a new format that is able to bypass many traditional detection methods.

New Format for Stealth

Previously delivered as plain Python scripts, InvisibleFerret now comes as compiled binary files. This shift is a strategic move by Void Dokkaebi, who typically targets software developers with access to sensitive cryptocurrency wallet credentials and signing keys. The hackers often masquerade as recruiters from cryptocurrency or AI firms to deceive developers into executing malicious code under the guise of job interviews.

Once activated, the malware initiates a multi-stage infection process aimed at extracting sensitive data and securing persistent access to the victim’s systems. Analysts from Trend Micro have uncovered that InvisibleFerret has been obfuscated using Cython, which translates Python code into native binaries.

Implications for Detection

According to a report by Trend Micro shared with Cyber Security News, the malware is now distributed as .pyd files on Windows and .so files on macOS. This transition means that existing detection rules designed for Python-based threats may fail to recognize this newly formatted malware.

The transformation retains the malware’s full suite of capabilities, such as enabling backdoor access, stealing browser credentials, monitoring clipboard activity, logging keystrokes, and targeting cryptocurrency wallets. Additionally, the BeaverTail loader has evolved from a simple downloader into a more sophisticated threat with enhanced credential harvesting and wallet-targeting functionalities.

Security Challenges and Recommendations

This evolution presents a significant challenge to security teams, particularly those relying on script-based detection mechanisms. The move to compiled binaries represents a calculated effort to outpace defenders who have not updated their detection frameworks.

The malware’s updated structure involves several modules with specific roles. For example, the mod module establishes initial connections and downloads further payloads, while the pad module provides backdoor access and gathers system information. On macOS, the mc module installs trojanized wallet extensions and downgrades Chrome to bypass Google’s newer security measures.

To counter these threats, security professionals are encouraged to adopt binary-aware detection strategies and closely monitor unusual Python activities, especially within .vscode directories. Keeping an eye on Chrome version downgrades and trojanized wallet extensions can also be crucial in identifying potential threats.

As cyber threats continue to evolve, staying informed and updating detection strategies is essential for safeguarding sensitive information.

Cyber Security News Tags:Cryptocurrency, cyber threats, Cybersecurity, Cython, InvisibleFerret, Malware, North Korea, security software, Trend Micro, Void Dokkaebi

Post navigation

Previous Post: Russian Hacker Exploits Google Gemini for Crypto Theft
Next Post: Cloud Atlas APT Exploits Windows for Multiple RDP Sessions

Related Posts

Tropic Trooper Cyberattack Uses Novel Tools for Infiltration Tropic Trooper Cyberattack Uses Novel Tools for Infiltration Cyber Security News
OceanLotus Hacker Group Targeting Xinchuang IT Ecosystems to Launch Supply Chain Attacks OceanLotus Hacker Group Targeting Xinchuang IT Ecosystems to Launch Supply Chain Attacks Cyber Security News
New Arkanix Stealer Attacking Users to Steal VPN Accounts, Screenshots and Wi-Fi Credentials New Arkanix Stealer Attacking Users to Steal VPN Accounts, Screenshots and Wi-Fi Credentials Cyber Security News
Post-Quantum Cryptography Gains Momentum Post-Quantum Cryptography Gains Momentum Cyber Security News
Hacktivist Groups Attacks on Critical ICS Systems to Steal Sensitive Data Hacktivist Groups Attacks on Critical ICS Systems to Steal Sensitive Data Cyber Security News
Open Source CyberSOCEval Sets New Standards for AI in Malware Analysis and Threat Intelligence Open Source CyberSOCEval Sets New Standards for AI in Malware Analysis and Threat Intelligence Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • CISA Reviews Cybersecurity Incident from AWS Credential Leak
  • Dell BIOS Vulnerability Enables Quick Password Retrieval
  • FastNetMon Unveils Netomics for Enhanced Routing Control
  • Hackers Exploit Fake Microsoft Passkey Enrollment for Attacks
  • Top Unified Threat Management Solutions in 2026

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • CISA Reviews Cybersecurity Incident from AWS Credential Leak
  • Dell BIOS Vulnerability Enables Quick Password Retrieval
  • FastNetMon Unveils Netomics for Enhanced Routing Control
  • Hackers Exploit Fake Microsoft Passkey Enrollment for Attacks
  • Top Unified Threat Management Solutions in 2026

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark