Home
News
Details

North Korean hackers target Web3 developers with AI-powered attacks, stealing $12 million in three months

iconChaincatcher
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
BTC
$75,596.60-2.16%
This is the logo of the coin.
ETH
$2,242.10-3.74%
This is the logo of the coin.
XRP
$1.36143-2.48%
This is the logo of the coin.
SOL
$82.57-2.71%
This is the logo of the coin.
DOGE
$0.10542.99%
AI summary iconSummary

expand icon
Web3 news outlets report that cybersecurity firm Expel has uncovered a North Korea-linked APT group, HexagonalRodent, targeting Web3 developers. The hackers used fake job postings to lure victims into completing malicious skill assessments, exploiting VSCode to deploy malware. BeaverTail, OtterCookie, and InvisibleFerret enable password theft and remote control. AI and crypto news highlights their use of tools like ChatGPT and Cursor to build malware and fake company websites. The group recently compromised a VSCode extension and registered a shell company in Mexico. Over $12 million in crypto and NFTs was stolen within three months.

ChainCatcher report: According to a cybersecurity report by Expel, the company is tracking a highly assessed North Korean (DPRK) state-sponsored APT group, “HexagonalRodent,” which targets Web3 developers with the aim of stealing high-value digital assets such as cryptocurrencies and NFTs. The group primarily conducts attacks through forged job postings—publishing high-salary positions on LinkedIn and Web3 job platforms to lure applicants into completing “skill tests” embedded with malicious code, which leverages VSCode’s tasks.json functionality to automatically execute malware when victims open project folders. The malware used includes BeaverTail, OtterCookie, and InvisibleFerret, featuring capabilities such as password theft, remote control, and reverse shells. Notably, the group extensively utilizes generative AI tools like ChatGPT and Cursor to develop malware, construct fake corporate websites, and generate AI-created executive teams, even registering shell companies in Mexico to enhance the credibility of their attacks. Additionally, the group recently executed its first supply chain attack by successfully compromising a VSCode extension.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.