Tech Note - BeaverTail variant distributed via malicious repositories and ClickFix lure
We’ve identified infrastructure used to distribute BeaverTail and InvisibleFerret malware variants since at least May 2025. BeaverTail and InvisibleFerret are malware families operated by North Korean nation-state threat actors tracked under identifiers including Contagious Interview and Famous Chollima.
We’re publicizing this campaign because it contains slight shifts in threat actor tradecraft that may provide insight into the direction of future operations:
- The threat actor used ClickFix lures to target marketing and trader roles in cryptocurrency and retail sector organizations rather than targeting software development roles.
- The threat actor’s malware was compiled into executables rather than distributed, as is typical, as scripts reliant on interpreters already present on target systems.
This post is licensed under CC BY 4.0 by the author.