Lazarus Group Expands BeaverTail Malware Capabilities

1 unique source, 1 article

Summary

A new variant of the BeaverTail malware has been linked to the Lazarus Group, targeting cryptocurrency traders, developers, and retail employees. The malware, which functions as both an information stealer and a loader, has evolved to include advanced obfuscation techniques and diverse delivery methods. It has been observed using layered Base64 and XOR encoding to conceal its behavior and has been distributed through trojanized npm packages, fake job interview platforms, and ClickFix lures. The malware's capabilities now include keylogging, screenshot capture, and clipboard monitoring, aimed at stealing cryptocurrency wallet data and credentials. Additionally, BeaverTail has been merged with another DPRK-linked strain known as OtterCookie, enhancing its browser profile enumeration and remote access capabilities.

Timeline

  1. 18.12.2025 14:00 · 1 article

    Lazarus Group Linked to New BeaverTail Malware Variant

    A newly observed variant of the BeaverTail malware has been tied to the Lazarus Group, targeting cryptocurrency traders, developers, and retail employees. The malware uses advanced obfuscation techniques and diverse delivery methods, including trojanized npm packages, fake job interview platforms, and ClickFix lures. It has been observed using layered Base64 and XOR encoding to conceal its behavior and includes capabilities such as keylogging, screenshot capture, and clipboard monitoring. Additionally, BeaverTail has been merged with the OtterCookie strain, enhancing its browser profile enumeration and remote access capabilities.

Information Snippets

  • The BeaverTail malware has been linked to the Lazarus Group, targeting cryptocurrency traders, developers, and retail employees.

    First reported: 18.12.2025 14:00
    1 source, 1 article
  • The malware uses layered Base64 and XOR encoding to conceal its behavior.

    First reported: 18.12.2025 14:00
    1 source, 1 article
  • BeaverTail has been distributed through trojanized npm packages, fake job interview platforms, and ClickFix lures.

    First reported: 18.12.2025 14:00
    1 source, 1 article
  • The malware includes keylogging, screenshot capture, and clipboard monitoring capabilities.

    First reported: 18.12.2025 14:00
    1 source, 1 article
  • BeaverTail has been merged with the OtterCookie strain, enhancing its browser profile enumeration and remote access capabilities.

    First reported: 18.12.2025 14:00
    1 source, 1 article