COVERTCATCH (Dropper) – Malware

February 25, 2025
Category: Malware

COVERTCATCH

Type of Malware: Dropper
Country of Origin: North Korea
Date of Initial Activity: 2024
Motivation: Cyberwarfare, Data Theft
Attack Vectors: Phishing
Type of Information Stolen: Cryptocurrencies
Targeted Systems: macOS

Overview

The COVERTCATCH campaign is a sophisticated and stealthy cybercriminal operation that has been actively targeting individuals and organizations involved in Web3 technologies, including cryptocurrency exchanges and decentralized finance (DeFi) projects. The campaign is notable for its use of social engineering tactics, specifically leveraging fake job recruitment efforts to deliver malware. This method allows threat actors to gain initial access to targeted systems, setting the stage for later stages of infiltration that can involve the theft of sensitive data and digital assets. COVERTCATCH malware, disguised as innocent-looking coding challenges or job-related documents, is often delivered via platforms like LinkedIn, where attackers engage potential victims in convincing conversations before deploying malicious payloads.

Targets

  • Individuals
  • Finance and Insurance
  • Information

How they operate

Upon execution, the malware establishes an initial foothold on the host and drops additional payloads. One of the primary techniques used by COVERTCATCH is the deployment of a remote access Trojan (RAT) that gives the attackers full control over the compromised system. The RAT uses obfuscation techniques to get past security measures such as antivirus software and firewalls.

COVERTCATCH is built to avoid detection by traditional security tools, for example by encrypting its communications or by using polymorphic code that changes its appearance with each infection. This makes it difficult for both users and automated security systems to identify and neutralize the threat quickly.

Once installed, the malware establishes communication with a command-and-control (C2) server, typically located on the dark web. The C2 channel lets the attackers issue commands, upload additional malicious tools, and exfiltrate sensitive information from the infected machine. A key objective of the malware is to harvest valuable data, including credentials and private keys for cryptocurrency wallets and decentralized finance (DeFi) platforms; the attackers use this information to gain access to digital assets and initiate unauthorized transfers. In some instances, the malware is designed to target specific Web3 infrastructure, such as cloud environments or decentralized exchanges, which further increases the attack's effectiveness.

To ensure persistence and avoid detection, COVERTCATCH often includes rootkit-like capabilities that let it remain hidden on the system even after a reboot. It can also disable system security tools, monitor network traffic for signs of detection, and self-update to counter removal attempts. The malware can additionally create encrypted tunnels to its C2 server, making these interactions difficult for defenders to block or trace.

This layered approach keeps COVERTCATCH a persistent threat in the Web3 ecosystem, capable of long-running operations with little chance of being caught. The technical expertise behind the campaign illustrates the evolving nature of cyber threats aimed at high-value targets in the cryptocurrency and blockchain sectors.
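The page states that the dropper persists across reboots on macOS but names no specific mechanism, so a defender's first question is what on the host is configured to start automatically. The script below is an added example for this profile, not code from CyberMaterial or from the cited report, and it assumes (rather than knows) that launchd property lists under the standard LaunchAgents/LaunchDaemons directories are a useful place to look. It parses a few constructed sample plists, flags the usual warning signs (a program in a scratch directory, a hidden path component, auto-start of a binary outside trusted locations, and a com.apple.* label pointing at a non-Apple program), and can also read the real directories on a Mac; the sample labels, paths and programs are invented for the demonstration.

```python
import os
import plistlib
from pathlib import PurePosixPath

# Constructed sample launchd plists for this example. They are NOT COVERTCATCH
# artifacts; every label, path and program below is invented.
SAMPLE_PLISTS = {
    "/Users/alice/Library/LaunchAgents/com.example.sync.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.sync</string>
  <key>Program</key><string>/Applications/Sync.app/Contents/MacOS/Sync</string>
  <key>RunAtLoad</key><true/>
</dict></plist>
""",
    "/Users/alice/Library/LaunchAgents/com.apple.softwareupdate.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.softwareupdate</string>
  <key>ProgramArguments</key><array>
    <string>/Users/alice/.config/.cache/updater</string>
    <string>--daemon</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>
""",
    "/Library/LaunchDaemons/com.helper.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.helper</string>
  <key>ProgramArguments</key><array><string>/tmp/helper</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>
""",
}

# Locations a launchd job is normally expected to run from (assumption: tune per fleet).
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Applications/", "/Library/Apple/")
# Scratch or world-writable locations a persistent job should not point into.
SCRATCH_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/private/var/tmp/", "/Users/Shared/")
# Apple's own jobs run system binaries; a com.apple.* label elsewhere suggests masquerading.
APPLE_PROGRAM_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/")


def program_of(job):
    """Return the executable a launchd job runs: Program wins, else ProgramArguments[0]."""
    if isinstance(job.get("Program"), str):
        return job["Program"]
    args = job.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None


def assess_job(plist_bytes):
    """Return finding codes for one launchd plist; an empty list means nothing was flagged."""
    try:
        job = plistlib.loads(plist_bytes)
    except (plistlib.InvalidFileException, ValueError):
        return ["unparseable-plist"]
    if not isinstance(job, dict):
        return ["unparseable-plist"]
    prog = program_of(job)
    if prog is None:
        return ["no-program"]
    findings = []
    if prog.startswith(SCRATCH_PREFIXES):
        findings.append("scratch-dir-program")
    if any(p.startswith(".") for p in PurePosixPath(prog).parts if p not in (".", "..")):
        findings.append("hidden-path-component")
    autostart = bool(job.get("RunAtLoad")) or bool(job.get("KeepAlive"))
    if autostart and not prog.startswith(TRUSTED_PREFIXES):
        findings.append("autostart-untrusted-program")
    label = job.get("Label", "")
    if isinstance(label, str) and label.startswith("com.apple.") and not prog.startswith(APPLE_PROGRAM_PREFIXES):
        findings.append("apple-label-mismatch")
    return findings


def audit(plists):
    """Map each plist path to its finding codes; plists is {path: raw plist bytes}."""
    return {path: assess_job(data) for path, data in plists.items()}


def collect_from_disk(dirs=("/Library/LaunchAgents", "/Library/LaunchDaemons",
                            os.path.expanduser("~/Library/LaunchAgents"))):
    """Read real launchd plists from the standard locations (returns {} where none exist)."""
    found = {}
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for entry in os.scandir(d):
            if entry.is_file() and entry.name.endswith(".plist"):
                with open(entry.path, "rb") as fh:
                    found[entry.path] = fh.read()
    return found


if __name__ == "__main__":
    # Replace SAMPLE_PLISTS with collect_from_disk() to audit a live Mac.
    for path, findings in audit(SAMPLE_PLISTS).items():
        print(f"{path}: {', '.join(findings) or 'ok'}")
```

The finding codes are deliberately coarse: a hit is a reason to pull the referenced binary for analysis and check its code signature, not a verdict on its own, and legitimate third-party agents will trip the untrusted-location rule until the trusted prefixes are tuned for the environment.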
References

  • DeFied Expectations — Examining Web3 Heists

Tags: COVERTCATCH, Cryptocurrency, Cybercriminal, DeFi, Droppers, macOS, Malware, North Korea, Vulnerabilities, Web3 technologies
    © 2025 | CyberMaterial | All rights reserved