The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Famous Chollima Evolves Its Arsenal, Merging BeaverTail and OtterCookie

Oct 24, 2025 1:15:09 PM / by The Hivemind posted in Threat Bulletin, Famous Chollima, North Korean cyber threats, DPRK hackers, BeaverTail malware, OtterCookie backdoor, cryptocurrency stealers, InvisibleFerret payload


Verticals Targeted: Not specified
Regions Targeted: Sri Lanka
Related Families: BeaverTail, OtterCookie, InvisibleFerret

Executive Summary

Famous Chollima, a DPRK-aligned threat group, has evolved its arsenal, with BeaverTail and OtterCookie increasingly merging functionalities to steal credentials and cryptocurrency via deceptive job offers. A recent campaign involved a trojanized Node.js application distributed through a malicious NPM package, highlighting the group's adaptation in delivery methods.
