You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

Two of these companies are even legally registered in the U.S., adding a layer of legitimacy. During the interview, applicants receive a fake error message while trying to record a video, leading them to copy-paste a fix that actually installs malware.

Malware Targets Wallet Keys and Clipboard Data

The campaign utilizes three malware strains: BeaverTail, InvisibleFerret, and Otter Cookie. While BeaverTail is designed for initial compromise and further payload delivery, Otter Cookie and InvisibleFerret focus on extracting crypto wallet keys and clipboard contents.

Silent Push also discovered that hackers are using AI-generated images and stolen real photos to create fake employee profiles for the companies, boosting credibility. Analyst Zach Edwards noted that some images were subtly altered using AI tools to resemble the original person but appear unique.

The campaign has been active since 2024, and at least two developers were directly affected—one of whom had their MetaMask wallet compromised. The FBI has since shut down BlockNovas, but SoftGlide and other parts of the operation remain online.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post North Korean Hackers Target Crypto Devs! appeared first on Coin Engineer.

Malware Hidden in “Coding Assignments”

Hackers from the group Slow Pisces (aka Jade Sleet / TraderTraitor) approach developers on LinkedIn, offering dream gigs in DeFi or blockchain security. Once trust is built, they send malware-infected coding challenges hosted on GitHub. When opened, these files steal SSH keys, cloud access credentials, and crypto wallet data.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

Using Freelance Platforms to Spread

According to Hacken and Cyvers, platforms like Upwork and Fiverr are also being used by attackers posing as hiring managers.

“They create credible profiles and fake resumes just to infiltrate Web3 firms via targeted developers,” says Hayato Shigekawa of Chainalysis.

Security Tips for Devs

• Always use virtual machines or sandboxes to test external code
• Verify job offers via official channels
• Never store secrets in plain text
• Be wary of unverified packages and unsolicited opportunities
• Implement endpoint protection and operational hygiene

“If it looks too good to be true, it probably is,” warns Luis Lubeck of Hacken.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post North Korean Hackers Target Crypto Devs with Fake Job Offers appeared first on Coin Engineer.

Cthulhu Stealer passes for official tools like CleanMyMac and Adobe GenP. Once consumers download the disguised file, the virus asks them to input their system password and then demands the password for prominent crypto wallets like MetaMask, Coinbase, and Binance. Text files contain the pilfers of data; the virus also captures operating system version and IP address of the victim.

“The main functionality of Ghostbusters Stealer is to steal credentials and bitcoin wallets from many stores, including game accounts,” said Cado researcher Tara Gould. This virus may be a modified form of Atomic Stealer, another malware found in 2023 aimed against Apple systems, as it shares traits with that other malware.

Reportedly leased out for $500 a month using the Telegram chat system, Cthulhu Stealer was sold and revenues were distributed among associates. But disagreements over payments have resulted in charges of an exit scam by the malware’s creators.

Apple has responded by noting the increasing danger and updating its macOS system to improve security, especially by bolstering Gatekeeper safeguards to guarantee only trustworthy apps are allowed to operate. Mac users should be alert against any dangers to their computers and bitcoin wallets.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post New Malware “Cthulhu Stealer” Targets Mac Users and Crypto Wallets appeared first on Coin Engineer.

Unveiling the Threat

In a recent threat report by Kaspersky, a major cybersecurity company, it was revealed that Kimsuky deployed the malware Durian for targeted attacks against at least two South Korean crypto companies. Kaspersky called the attack “persistent,” noting that the exploitation of legitimate security software targeted the crypto industry in South Korea.

The Anatomy of Durian

Durian, previously unaccounted for and unnamed by security researchers, acts as a multifaceted installer, allowing for the constant deployment of malicious tools. Some of these tools include the infamous “AppleSeed” backdoor, a custom proxy tool called LazyLoad, and even seemingly innocuous software such as Chrome Remote Desktop. Kaspersky explained the capacities of Durian, highlighting the complete backdoor capability for command execution, file downloading, and data exfiltration.

Lazarus Linkage

Particularly, Kaspersky linked the Durian campaign with the notorious North-Korean hacking team, the Lazarus Group. Andariel, a Lazarus subgroup, had also used LazyLoad, a component of Durian. This connection implies that there is cooperation or common resources between Kimsuky and the notorious Lazarus Group.

The Lazarus Ledger

The association of the Lazarus Group with crypto heists dates back to the year of its emergence, which is 2009. Lately, blockchain investigator ZachXBT uncovered the widespread money laundering operations of Lazarus, uncovering a mind-blowing $200 million laundered between 2020 and 2023. Accusations against Lazarus total over $3 billion in crypto theft over six years, with a chunk of 17%, or approximately $309 million, from their 2023 activities.

The evolution of the cyber battlefield gave rise to Durian and reflected the North Korean threat actors’ quest for monetary profits. While the shadow of Lazarus is still present in the crypto world, the affirmative force of South Korean organizations and the watchfulness of cybersecurity specialists are crucial in stopping such intricate attacks.

The post North Korean Hackers Target South Korean Crypto Firms with New “Durian” Malware Variant appeared first on Coin Engineer.