Crypto Hack Alert: North Korean Hackers Target Developers With Malware Campaign

Experts caution against a newly identified malware campaign amidst increasing crypto hacks. North Korean hackers, linked to the notorious Lazarus Group, have reportedly created three shell companies, including two in the US, to spread malware targeting crypto developers.

Through phony job interviews, these scammers trick people into compromising their crypto wallets and stealing credentials, which enables further attacks on legitimate businesses.

North Korean Hackers Target Developers: Know the Crypto Hack Risks

Cybersecurity firm Silent Push recently released a warning against the increasing crypto hacks orchestrated by the notorious North Korean hackers. The Lazarus-linked group has set up three fake companies to deliver malware to the targeted victims. These companies include BlockNovas, Angeloper Agency, and SoftGlide.

Via fake interviews, these scammers send malware to crypto developers, which will help them steal credentials and attack the businesses. The cybersecurity firm stated, “These websites and a huge network of accounts on hiring / recruiting websites are being used to trick people into applying for jobs.” Further explaining the procedures involved in the hacking, the firm added,

During the job application process an error message is displayed as someone tries to record an introduction video. The solution is an easy click fix copy and paste trick, which leads to malware if the unsuspecting developer completes the process.

Fake Employees via AI

An interesting part of the North Korean hackers’ crypto hack is the use of artificial intelligence to create fake employees. The hackers use AI to generate images and profiles for fake employees for the three front companies.

In some cases, the hackers have even stolen real images of crypto developers working in prominent firms. Silent Push noted,

There are numerous fake employees and stolen images from real people being used across this network…In one of the examples, the threat actors took a real photo from a real person, and then appeared to have run it through an AI image modifier tool to create a subtly different version of that same image.

Earlier this year, crypto exchange Deribit released a similar warning against crypto job scams. The platform identified scammers attracting job seekers by impersonating prominent crypto platforms.

FBI Seizes Fake Companies to Tackle Crypto Hacks

Though the Federal Bureau of Investigation declined to comment on the two fake companies in the US, they revealed the seizure of the Blocknovas domain as part of a law enforcement action against North Korean hackers. The bureau is targeting not only the actors but also those facilitating their schemes. An FBI official described North Korean cyber operations as “one of the most advanced persistent threats” facing the US.

This development comes following Australia’s increased scrutiny over companies involved in pig butchering crypto scams. Australia’s Securities and Investments Commission has taken the initiative to shut down 95 firms that reportedly facilitate crypto hacks.