Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
North Korean Malware Evades Detection with New Tactics

North Korean Malware Evades Detection with New Tactics

Posted on May 25, 2026 By CWS

A notorious North Korean hacking group has enhanced its stealth capabilities by modifying one of its most notorious cyber tools, making it more difficult for cybersecurity software to identify. The malware, known as InvisibleFerret, is linked to the threat actor Void Dokkaebi, also referred to as Famous Chollima. It has been repackaged into a new format that is able to bypass many traditional detection methods.

New Format for Stealth

Previously delivered as plain Python scripts, InvisibleFerret now comes as compiled binary files. This shift is a strategic move by Void Dokkaebi, who typically targets software developers with access to sensitive cryptocurrency wallet credentials and signing keys. The hackers often masquerade as recruiters from cryptocurrency or AI firms to deceive developers into executing malicious code under the guise of job interviews.

Once activated, the malware initiates a multi-stage infection process aimed at extracting sensitive data and securing persistent access to the victim’s systems. Analysts from Trend Micro have uncovered that InvisibleFerret has been obfuscated using Cython, which translates Python code into native binaries.

Implications for Detection

According to a report by Trend Micro shared with Cyber Security News, the malware is now distributed as .pyd files on Windows and .so files on macOS. This transition means that existing detection rules designed for Python-based threats may fail to recognize this newly formatted malware.

The transformation retains the malware’s full suite of capabilities, such as enabling backdoor access, stealing browser credentials, monitoring clipboard activity, logging keystrokes, and targeting cryptocurrency wallets. Additionally, the BeaverTail loader has evolved from a simple downloader into a more sophisticated threat with enhanced credential harvesting and wallet-targeting functionalities.

Security Challenges and Recommendations

This evolution presents a significant challenge to security teams, particularly those relying on script-based detection mechanisms. The move to compiled binaries represents a calculated effort to outpace defenders who have not updated their detection frameworks.

The malware’s updated structure involves several modules with specific roles. For example, the mod module establishes initial connections and downloads further payloads, while the pad module provides backdoor access and gathers system information. On macOS, the mc module installs trojanized wallet extensions and downgrades Chrome to bypass Google’s newer security measures.

To counter these threats, security professionals are encouraged to adopt binary-aware detection strategies and closely monitor unusual Python activities, especially within .vscode directories. Keeping an eye on Chrome version downgrades and trojanized wallet extensions can also be crucial in identifying potential threats.

As cyber threats continue to evolve, staying informed and updating detection strategies is essential for safeguarding sensitive information.

Cyber Security News Tags:Cryptocurrency, cyber threats, Cybersecurity, Cython, InvisibleFerret, Malware, North Korea, security software, Trend Micro, Void Dokkaebi

Post navigation

Previous Post: Russian Hacker Exploits Google Gemini for Crypto Theft
Next Post: Cloud Atlas APT Exploits Windows for Multiple RDP Sessions

Related Posts

New Malware Attack Leverages SVGs, Email Attachments to Deliver XWorm and Remcos RAT New Malware Attack Leverages SVGs, Email Attachments to Deliver XWorm and Remcos RAT Cyber Security News
CISA Warns of Trend Micro Apex One OS Command Injection Vulnerability Exploited in Attacks CISA Warns of Trend Micro Apex One OS Command Injection Vulnerability Exploited in Attacks Cyber Security News
Ivanti Releases Security Patches for Multiple Products Ivanti Releases Security Patches for Multiple Products Cyber Security News
Sidewinder APT Hackers Leverage Nepal Protests to Push Mobile and Windows Malware Sidewinder APT Hackers Leverage Nepal Protests to Push Mobile and Windows Malware Cyber Security News
Hackers Attempted to Misuse Claude AI to Launch Cyber Attacks Hackers Attempted to Misuse Claude AI to Launch Cyber Attacks Cyber Security News
ChatGPT Atlas Stores OAuth Tokens Unencrypted Leads to Unauthorized Access to User Accounts ChatGPT Atlas Stores OAuth Tokens Unencrypted Leads to Unauthorized Access to User Accounts Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Malware Targets Paysafe, Skrill, Neteller Users
  • Critical HP Linux Printing Software Flaw Threatens Security
  • Microsoft Entra Passkey Enrollment Exploited by Hackers
  • RedHook Malware Exploits ADB Debugging for Control
  • ACSC Raises Alarm on CMS Exploitation Threat

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Malware Targets Paysafe, Skrill, Neteller Users
  • Critical HP Linux Printing Software Flaw Threatens Security
  • Microsoft Entra Passkey Enrollment Exploited by Hackers
  • RedHook Malware Exploits ADB Debugging for Control
  • ACSC Raises Alarm on CMS Exploitation Threat

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark