North Korean hacking groups have once again demonstrated how dangerously sophisticated they can be. This time, they’ve set their sights on crypto developers — posing as legitimate U.S.-based companies with one goal: to infect victims’ systems with malware.
🎭 Two Fake Companies. One Malicious Scheme.
Cybersecurity firm Silent Push has revealed that North Korean hackers created two LLCs — Blocknovas LLC in New Mexico and Softglide LLC in New York — pretending to be recruiters in the crypto industry. These companies sent “job offers” that contained malicious code. The notorious Lazarus Group, linked to North Korea’s intelligence services, is believed to be behind the operation.
A third entity, Angeloper Agency, showed the same digital fingerprint, though it wasn’t officially registered.
🧠 Malware That Steals Crypto Wallets
Once unsuspecting developers opened the infected files, the malware began harvesting login credentials, wallet keys, and other sensitive data. According to Silent Push’s report, multiple victims have already been identified — most linked to the Blocknovas domain, which was by far the most active.
The FBI has seized the domain and issued a warning that similar aliases may reappear soon.
💸 Covert Funding for North Korea’s Missile Program
According to U.S. officials, the ultimate goal of the scheme is simple: generate hard currency to fund North Korea’s nuclear weapons program. Intelligence sources say Pyongyang has been deploying thousands of IT operatives abroad to illegally raise funds through fraudulent schemes.
This case is especially troubling because it shows that North Korean hackers managed to set up legal companies inside the United States, a rare and alarming development.
🔐 Three Malware Families, One Lazarus Signature
Analysts found that the job files contained at least three known malware families, capable of opening backdoors, downloading additional malicious payloads, and stealing sensitive information. These tactics align closely with past attacks by the Lazarus Group.
⚠️ FBI Warning: Be Cautious of "Too Good to Be True" Job Offers
Federal agents emphasize that this case is a chilling reminder of how North Korea continues to evolve its cyber threats. Tech and cybersecurity professionals should thoroughly vet unsolicited job offers, especially those from unfamiliar companies. Developers infected by these schemes could lose cryptocurrency or unknowingly grant hackers access to larger systems and exchanges.
#HackerAlert , #CyberSecurity , #NorthKoreaHackers , #CryptoSecurity , #CryptoNewss
Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“