{"id":40808,"date":"2025-04-25T12:00:24","date_gmt":"2025-04-25T09:00:24","guid":{"rendered":"https:\/\/coinengineer.net\/blog\/?p=40808"},"modified":"2025-04-25T10:51:13","modified_gmt":"2025-04-25T07:51:13","slug":"north-korean-hackers-target-crypto-devs","status":"publish","type":"post","link":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/","title":{"rendered":"North Korean Hackers Target Crypto Devs!"},"content":{"rendered":"<p class=\"\" data-start=\"2705\" data-end=\"3075\">A <strong data-start=\"2707\" data-end=\"2730\">subgroup of Lazarus<\/strong>, the North Korean state-linked hacker collective, has been exposed for setting up three fake crypto consulting firms to <strong data-start=\"2851\" data-end=\"2885\">infect developers with malware<\/strong>. According to <strong data-start=\"2900\" data-end=\"2915\">Silent Push<\/strong>, these shell companies\u2014<strong data-start=\"2939\" data-end=\"2953\">BlockNovas<\/strong>, <strong data-start=\"2955\" data-end=\"2975\">Angeloper Agency<\/strong>, and <strong data-start=\"2981\" data-end=\"2994\">SoftGlide<\/strong>\u2014are part of a campaign to lure developers through <strong data-start=\"3045\" data-end=\"3074\">fraudulent job interviews<\/strong>.<\/p>\n<hr \/>\n<p data-start=\"3077\" data-end=\"3333\"><strong><em>You Might Be Interested In: <a href=\"https:\/\/coinengineer.net\/blog\/elon-musk-talks-about-the-name-of-a-new-memecoin\/\">Elon Musk Talks About the Name of a New Memecoin!<\/a><\/em><\/strong><\/p>\n<hr \/>\n<p class=\"\" data-start=\"3077\" data-end=\"3333\">Two of these companies are even <strong data-start=\"3109\" data-end=\"3143\">legally registered in the U.S.<\/strong>, adding a layer of legitimacy. During the interview, applicants receive a fake error message while trying to record a video, leading them to copy-paste a fix that actually installs malware.<\/p>\n<h2 data-start=\"3335\" data-end=\"3390\">Malware Targets Wallet Keys and Clipboard Data<\/h2>\n<p class=\"\" data-start=\"3391\" data-end=\"3692\">The campaign utilizes three malware strains: <strong data-start=\"3436\" data-end=\"3450\">BeaverTail<\/strong>, <strong data-start=\"3452\" data-end=\"3471\">InvisibleFerret<\/strong>, and <strong data-start=\"3477\" data-end=\"3493\">Otter Cookie<\/strong>. While <strong data-start=\"3501\" data-end=\"3515\">BeaverTail<\/strong> is designed for initial compromise and further payload delivery, <strong data-start=\"3581\" data-end=\"3597\">Otter Cookie<\/strong> and <strong data-start=\"3602\" data-end=\"3621\">InvisibleFerret<\/strong> focus on extracting <strong data-start=\"3642\" data-end=\"3664\">crypto wallet keys<\/strong> and <strong data-start=\"3669\" data-end=\"3691\">clipboard contents<\/strong>.<\/p>\n<p class=\"\" data-start=\"3694\" data-end=\"4003\">Silent Push also discovered that hackers are using <strong data-start=\"3745\" data-end=\"3768\">AI-generated images<\/strong> and <strong data-start=\"3773\" data-end=\"3795\">stolen real photos<\/strong> to create fake employee profiles for the companies, boosting credibility. Analyst <strong data-start=\"3878\" data-end=\"3894\">Zach Edwards<\/strong> noted that some images were subtly altered using AI tools to resemble the original person but appear unique.<\/p>\n<p class=\"\" data-start=\"4005\" data-end=\"4273\">The campaign has been active <strong data-start=\"4034\" data-end=\"4048\">since 2024<\/strong>, and <strong data-start=\"4054\" data-end=\"4081\">at least two developers<\/strong> were directly affected\u2014one of whom had their <strong data-start=\"4127\" data-end=\"4158\">MetaMask wallet compromised<\/strong>. The <strong data-start=\"4164\" data-end=\"4171\">FBI<\/strong> has since shut down <strong data-start=\"4192\" data-end=\"4206\">BlockNovas<\/strong>, but <strong data-start=\"4212\" data-end=\"4225\">SoftGlide<\/strong> and other parts of the operation remain online.<\/p>\n<p data-start=\"4005\" data-end=\"4273\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-154152 size-full\" src=\"https:\/\/coinmuhendisi.com\/blog\/wp-content\/uploads\/2025\/04\/kuzey-kore.jpg\" alt=\"Kuzey Kore\" width=\"899\" height=\"387\" \/><\/p>\n<hr \/>\n<p data-start=\"4005\" data-end=\"4273\"><em>You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don\u2019t forget to follow us on our\u00a0<a href=\"https:\/\/t.me\/coinengineernews\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><strong>Telegram,\u00a0<\/strong><\/a><a href=\"https:\/\/www.youtube.com\/@CoinEngineer\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><strong>YouTube<\/strong><\/a>,\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/coinengineers\" target=\"_blank\" rel=\"nofollow noopener\"><strong>Twitter<\/strong><\/a>\u00a0channels for the latest\u00a0<a title=\"News\" href=\"https:\/\/coinengineer.net\/blog\/news\/\" data-internallinksmanager029f6b8e52c=\"7\">news<\/a>\u00a0and updates.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A subgroup of Lazarus, the North Korean state-linked hacker collective, has been exposed for setting up three fake crypto consulting firms to infect developers with malware. According to Silent Push, these shell companies\u2014BlockNovas, Angeloper Agency, and SoftGlide\u2014are part of a campaign to lure developers through fraudulent job interviews. You Might Be Interested In: Elon Musk<\/p>\n","protected":false},"author":28,"featured_media":37466,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,657,2],"tags":[14851,14850,14848,14853,847,2169,7467,2267,5716,4020,14854,2351,14847,5913,6049,231,9623,14849,14852],"class_list":["post-40808","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-crypto-news","category-en","category-news","tag-ai-deception","tag-angeloper","tag-blocknovas","tag-crypto-developers","tag-crypto-news","tag-crypto-scam","tag-crypto-security","tag-crypto-wallet","tag-cyber-attack","tag-cybersecurity","tag-fake-companies","tag-fbi","tag-hacker-threat","tag-lazarus-group","tag-malware","tag-metamask","tag-north-korea","tag-softglide","tag-web3-threats"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>North Korean Hackers Target Crypto Devs! - Coin Engineer<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"North Korean Hackers Target Crypto Devs! - Coin Engineer\" \/>\n<meta property=\"og:description\" content=\"A subgroup of Lazarus, the North Korean state-linked hacker collective, has been exposed for setting up three fake crypto consulting firms to infect developers with malware. According to Silent Push, these shell companies\u2014BlockNovas, Angeloper Agency, and SoftGlide\u2014are part of a campaign to lure developers through fraudulent job interviews. You Might Be Interested In: Elon Musk\" \/>\n<meta property=\"og:url\" content=\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/\" \/>\n<meta property=\"og:site_name\" content=\"Coin Engineer\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-25T09:00:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-25T07:51:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/scam_ce.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Yigit Taha OZTURK\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Yigit Taha OZTURK\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/\",\"url\":\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/\",\"name\":\"North Korean Hackers Target Crypto Devs! - Coin Engineer\",\"isPartOf\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/scam_ce.jpg\",\"datePublished\":\"2025-04-25T09:00:24+00:00\",\"dateModified\":\"2025-04-25T07:51:13+00:00\",\"author\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/5b75ba41894c1164f25378c9022397fc\"},\"breadcrumb\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/#primaryimage\",\"url\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/scam_ce.jpg\",\"contentUrl\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/scam_ce.jpg\",\"width\":1920,\"height\":1080},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/coinengineer.net\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"North Korean Hackers Target Crypto Devs!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#website\",\"url\":\"https:\/\/coinengineer.net\/blog\/\",\"name\":\"Coin Engineer\",\"description\":\"Btc, Coins, Pre-Sale, DeFi, NFT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/coinengineer.net\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/5b75ba41894c1164f25378c9022397fc\",\"name\":\"Yigit Taha OZTURK\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3c58488c3e042b9f982e35ddee6f6e94f7d62613e8b36ebd312676655fab9908?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3c58488c3e042b9f982e35ddee6f6e94f7d62613e8b36ebd312676655fab9908?s=96&d=mm&r=g\",\"caption\":\"Yigit Taha OZTURK\"},\"url\":\"https:\/\/coinengineer.net\/blog\/author\/ceyigitt\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"North Korean Hackers Target Crypto Devs! - Coin Engineer","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/","og_locale":"en_US","og_type":"article","og_title":"North Korean Hackers Target Crypto Devs! - Coin Engineer","og_description":"A subgroup of Lazarus, the North Korean state-linked hacker collective, has been exposed for setting up three fake crypto consulting firms to infect developers with malware. According to Silent Push, these shell companies\u2014BlockNovas, Angeloper Agency, and SoftGlide\u2014are part of a campaign to lure developers through fraudulent job interviews. You Might Be Interested In: Elon Musk","og_url":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/","og_site_name":"Coin Engineer","article_published_time":"2025-04-25T09:00:24+00:00","article_modified_time":"2025-04-25T07:51:13+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/scam_ce.jpg","type":"image\/jpeg"}],"author":"Yigit Taha OZTURK","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Yigit Taha OZTURK","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/","url":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/","name":"North Korean Hackers Target Crypto Devs! - Coin Engineer","isPartOf":{"@id":"https:\/\/coinengineer.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/#primaryimage"},"image":{"@id":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/#primaryimage"},"thumbnailUrl":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/scam_ce.jpg","datePublished":"2025-04-25T09:00:24+00:00","dateModified":"2025-04-25T07:51:13+00:00","author":{"@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/5b75ba41894c1164f25378c9022397fc"},"breadcrumb":{"@id":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/#primaryimage","url":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/scam_ce.jpg","contentUrl":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/scam_ce.jpg","width":1920,"height":1080},{"@type":"BreadcrumbList","@id":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-crypto-devs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/coinengineer.net\/blog\/"},{"@type":"ListItem","position":2,"name":"North Korean Hackers Target Crypto Devs!"}]},{"@type":"WebSite","@id":"https:\/\/coinengineer.net\/blog\/#website","url":"https:\/\/coinengineer.net\/blog\/","name":"Coin Engineer","description":"Btc, Coins, Pre-Sale, DeFi, NFT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/coinengineer.net\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/5b75ba41894c1164f25378c9022397fc","name":"Yigit Taha OZTURK","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3c58488c3e042b9f982e35ddee6f6e94f7d62613e8b36ebd312676655fab9908?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3c58488c3e042b9f982e35ddee6f6e94f7d62613e8b36ebd312676655fab9908?s=96&d=mm&r=g","caption":"Yigit Taha OZTURK"},"url":"https:\/\/coinengineer.net\/blog\/author\/ceyigitt\/"}]}},"_links":{"self":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/40808","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/users\/28"}],"replies":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/comments?post=40808"}],"version-history":[{"count":1,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/40808\/revisions"}],"predecessor-version":[{"id":40809,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/40808\/revisions\/40809"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/media\/37466"}],"wp:attachment":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/media?parent=40808"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/categories?post=40808"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/tags?post=40808"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}