Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Blockchain. Show all posts
North Korea Hackers
Blockchain Crypto workers Info Stealing Malware Job Scam malware North Korea Hackers

Crypto Workers Tricked in Job Scams Involving New Malware Linked to North Korea

 



A new online scam is targeting people who work in the cryptocurrency industry, using fake job offers and interviews to trick them into installing harmful software on their devices.

According to a report by cybersecurity researchers at Cisco Talos, the attack involves a new type of malware called PylangGhost. It is a remote access tool also known as a trojan, built using the Python programming language. Once installed, it allows attackers to secretly control the victim’s computer and steal private data like passwords and session cookies.

The people behind the scam are believed to be tied to North Korean hacking groups, who have been linked to several past cryptocurrency-related cybercrimes. This time, they are pretending to be recruiters from well-known companies like Coinbase, Uniswap, and Robinhood to appear trustworthy.


How the Scam Works

The attackers set up fake job websites that look like they belong to real crypto companies. They then contact professionals in the industry, especially those with experience in blockchain development and invite them to apply for jobs.

Victims are asked to complete technical assessments and share personal details, believing it's part of the interview process. Later, they’re told to prepare for a video interview and are asked to install what is described as a “video driver” to improve camera quality. However, this download is actually the PylangGhost malware.

Once installed, the software can:

1. Steal login credentials from over 80 browser extensions (such as MetaMask, Phantom, and 1Password).

2. Allow attackers to access and control the computer remotely.

3. Stay hidden and continue running even after a system reboot.


Real-World Examples

Researchers say this method has already been used in India and other countries. Similar scams in the past included fake companies like “BlockNovas LLC” and “SoftGlide LLC,” which were created to look legitimate. In one case, the FBI had to shut down one of these websites.

In another incident, engineers at the crypto exchange Kraken discovered that one job applicant was a North Korean hacker. The person was caught when they failed basic identity checks during an interview.

The malware also has a history. PylangGhost is the Python version of an earlier program called GolangGhost, which was used to target macOS systems. The newer version is now aimed specifically at Windows users, while Linux systems appear unaffected for now.


Security Experts Call for Action

Cybersecurity experts in India say this growing threat should be taken seriously. Dileep Kumar H V, director at Digital South Trust, has recommended:

• Regular cybersecurity audits for blockchain firms.

• Stronger legal protections under India’s IT Act.

• National awareness campaigns and better monitoring of fake job portals.

He also stressed the need for international coordination, urging agencies like CERT-In, MEITY, and NCIIPC to work together with global partners to counter these attacks.


Why It Matters

These scams reflect a shift in tactics and deployment of new technologies, from hacking exchanges to targeting individuals. By stealing credentials or gaining insider access, attackers may be trying to infiltrate companies from within. As the crypto industry continues to expand and transcend boundaries, so do the risks, thus making awareness and vigilance more critical than ever.



Read more »
quantum cryptography
Blockchain Blockchain Security Chinese Tech Cyber Security Post-Quantum post-quantum cryptography Quantum Quantum Computers Quantum computing quantum cryptography

Chinese Scientists Develop Quantum-Resistant Blockchain Storage Technology

 

A team of Chinese researchers has unveiled a new blockchain storage solution designed to withstand the growing threat posed by quantum computers. Blockchain, widely regarded as a breakthrough for secure, decentralized record-keeping in areas like finance and logistics, could face major vulnerabilities as quantum computing advances. 

Typically, blockchains use complex encryption based on mathematical problems such as large-number factorization. However, quantum computers can solve these problems at unprecedented speeds, potentially allowing attackers to forge signatures, insert fraudulent data, or disrupt the integrity of entire ledgers. 

“Even the most advanced methods struggle against quantum attacks,” said Wu Tong, associate professor at the University of Science and Technology Beijing. Wu collaborated with researchers from the Beijing Institute of Technology and Guilin University of Electronic Technology to address this challenge. 

Their solution is called EQAS, or Efficient Quantum-Resistant Authentication Storage. It was detailed in early June in the Journal of Software. Unlike traditional encryption that relies on vulnerable math-based signatures, EQAS uses SPHINCS – a post-quantum cryptographic signature tool introduced in 2015. SPHINCS uses hash functions instead of complex equations, enhancing both security and ease of key management across blockchain networks. 

EQAS also separates the processes of data storage and verification. The system uses a “dynamic tree” to generate proofs and a “supertree” structure to validate them. This design improves network scalability and performance while reducing the computational burden on servers. 

The research team tested EQAS’s performance and found that it significantly reduced the time needed for authentication and storage. In simulations, EQAS completed these tasks in approximately 40 seconds—far faster than Ethereum’s average confirmation time of 180 seconds. 

Although quantum attacks on blockchains are still uncommon, experts say it’s only a matter of time. “It’s like a wooden gate being vulnerable to fire. But if you replace the gate with stone, the fire becomes useless,” said Wang Chao, a quantum cryptography professor at Shanghai University, who was not involved in the research. “We need to prepare, but there is no need to panic.” 

As quantum computing continues to evolve, developments like EQAS represent an important step toward future-proofing blockchain systems against next-generation cyber threats.
Read more »
North Korea cyberattack
Apple Apple MacOS Blockchain Blockchain Technology Crypto Attack crypto community cryptocurrency Cyber Attacks data security Data Theft Mac Mac Malware Malware Attack Malwares North Korea cyberattack

North Korean Malware Targets Mac Users in Crypto Sector via Calendly and Telegram

 

Cybersecurity researchers have identified a sophisticated malware campaign targeting Mac users involved in blockchain technologies. According to SentinelLabs, the attack has been linked to North Korean threat actors, based on an investigation conducted by Huntabil.IT. 

The attack method is designed to appear as a legitimate interaction. Victims are contacted via Telegram, where the attacker impersonates a known associate or business contact. They are then sent a meeting invite using Calendly, a widely-used scheduling platform. The Calendly message includes a link that falsely claims to be a “Zoom SDK update script.” Instead, this link downloads malware specifically designed to infiltrate macOS systems. 

The malware uses a combination of AppleScript, C++, and the Nim programming language to evade detection. This mix is relatively novel, especially the use of Nim in macOS attacks. Once installed, the malware gathers a broad range of data from the infected device. This includes system information, browser activity, and chat logs from Telegram. It also attempts to extract login credentials, macOS Keychain passwords, and data stored in browsers like Arc, Brave, Firefox, Chrome, and Microsoft Edge. Interestingly, Safari does not appear to be among the targeted applications. 

While the campaign focuses primarily on a niche audience—Mac users engaged in crypto-related work who use Calendly and Telegram—SentinelLabs warns that the tactics employed could signal broader threats on the horizon. The use of obscure programming combinations to bypass security measures is a red flag for potential future campaigns targeting a wider user base. 

To safeguard against such malware, users are advised to avoid downloading software from public code repositories or unofficial websites. While the Mac App Store is considered the safest source for macOS applications, software downloaded directly from reputable developers’ websites is generally secure. Users who rely on pirated or cracked applications remain at significantly higher risk of infection. 

Cyber hygiene remains essential. Never click on suspicious links received via email, text, or social platforms, especially from unknown or unverified sources. Always verify URLs by copying and pasting them into a text editor to see their true destination before visiting. It’s also crucial to install macOS security updates promptly, as these patches address known vulnerabilities.  

For additional protection, consider using trusted antivirus software. Guides from Macworld suggest that while macOS has built-in security, third-party tools like Intego can offer enhanced protection. As malware campaigns evolve in complexity and scope, staying vigilant is the best defense.
Read more »
Web3
Blockchain cryptocurrency Cyber Attacks CyberCrime Cybersecurity global threat Hacking IT workers North Korea Sanctions Web3

North Korea’s Global Cybercrime Network Uncovered: Fake IT Workers Funding Regime's Ambitions

 

A new report by cybersecurity firm DTEX has exposed how North Korea is operating a sophisticated international cybercrime network by embedding fake information technology workers within leading global corporations. These operatives, disguised as freelance developers, are channeling millions in stolen cryptocurrency to fund the reclusive nation’s military and weapons programs.

According to the report, North Korean agents are not driven by ideology but by a systemic need to survive. Trained from a young age, many are groomed to become covert cyber operatives or IT contractors. Two individuals, using the aliases “Naoki Murano” and “Jenson Collins,” were found residing in Russia and are believed to be involved in infiltrating Western companies. They’ve been linked to a $6 million cryptocurrency theft.

The regime operates through shadowy IT entities like Chinyong, which positions agents in countries like China, Laos, and Russia. These agents gain trust within blockchain and cryptocurrency projects, ultimately diverting digital assets back to Pyongyang. Since 2017, North Korea has reportedly funneled tens of millions of dollars through such schemes—prompting U.S. sanctions for financing weapons development (see: US Sanctions North Korean Entities for Sending Regime Funds).

The report states that North Korea’s cyber program has reached a pivotal stage, with its tactics becoming more aggressive and unpredictable. The regime now deploys techniques ranging from supply chain attacks to financial sector infiltration and even online propaganda. DTEX researchers noted that these operatives are so deeply integrated into major cryptocurrency and Web3 initiatives that, “it would seem that every other Web3 project has a North Korean on the payroll.”

“The threat of unintentionally hiring North Korean IT workers is larger than most people realize,” Kevin Mandia, founder and former CEO of Mandiant, said in a statement accompanying the report. “It's cover is global and active right now - which is why the industry and government need to work together to come up with solutions to counter the threat.”

The study also challenges the notion that North Korean cyber operatives follow rigid roles. Instead, many shift between missions, take on leadership responsibilities, and reuse false identities—suggesting a highly adaptive and fluid structure.

Past investigations have revealed that North Korean attacks on European tech firms were often facilitated by individuals operating from the U.S. and the U.K. An April report by Mandiant warned of increasing attempts by North Korean IT workers to secure positions in defense and government agencies, with U.S. businesses being their primary focus—even as operations grow across Europe (see: North Korean IT Scammers Targeting European Companies).

Michael Barnhart, the lead analyst behind the DTEX report, said his research is based on open-source intelligence, testimonies from defectors, blockchain forensics, and insights from Web3 infrastructure. He also leveraged proprietary datasets from unnamed partners to trace how North Korean agents shift money, access, and identities across borders.

“DPRK operatives are persistent,” Barnhart wrote, adding that North Korean cyber agents “do not take kindly to scrutiny” and “will try to uncover who is studying them and how.”
Read more »
WebSockets
Blockchain codebase Credentials Crypto Cybersecurity dataexfiltration dependency devtools Firewall Gmail Hacking malware phishing PyPI python scripts SMTP Spoofing Threatactors WebSockets

Malicious PyPI Packages Exploit Gmail to Steal Sensitive Data

 

Cybersecurity researchers have uncovered a disturbing new tactic involving malicious PyPI packages that use Gmail to exfiltrate stolen data and communicate with threat actors. The discovery, made by security firm Socket, led to the removal of the infected packages from the Python Package Index (PyPI), although not before considerable damage had already occurred.

Socket reported identifying seven malicious packages on PyPI, some of which had been listed for more than four years. Collectively, these packages had been downloaded over 55,000 times. Most were spoofed versions of the legitimate "Coffin" package, with deceptive names such as Coffin-Codes-Pro, Coffin-Codes, NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, and Coffin-Grave. Another package was titled cfc-bsb.

According to the researchers, once installed, these packages would connect to Gmail using hardcoded credentials and initiate communication with a command-and-control (C2) server. They would then establish a WebSockets tunnel that leverages Gmail’s email server, allowing the traffic to bypass traditional firewalls and security systems.

This setup enabled attackers to remotely execute code, extract files, and gain unauthorized access to targeted systems.

Evidence suggests that the attackers were mainly targeting cryptocurrency assets. One of the email addresses used by the malware featured terms like “blockchain” and “bitcoin” — an indication of its intent.

“Coffin-Codes-Pro establishes a connection to Gmail’s SMTP server using hardcoded credentials, namely sphacoffin@gmail[.]com and a password,” the report says.
“It then sends a message to a second email address, blockchain[.]bitcoins2020@gmail[.]com politely and demurely signaling that the implant is working.”

Socket has issued a warning to all Python developers and users who may have installed these packages, advising them to remove the compromised libraries immediately, and rotate all sensitive credentials.

The researchers further advised developers to remain alert for suspicious outbound connections:

“especially SMTP traffic”, and warned them not to trust a package just because it was a few years old.
“To protect your codebase, always verify package authenticity by checking download counts, publisher history, and GitHub repository links,” they added.

“Regular dependency audits help catch unexpected or malicious packages early. Keep strict access controls on private keys, carefully limiting who can view or import them in development. Use isolated, dedicated environments when testing third-party scripts to contain potentially harmful code.”
Read more »
python
Blockchain cryptocurrency Cyber Attacks Cybersecurity GitHub Hacker JavaScript Linkedin malware python

North Korean Hacker Group Targets Cryptocurrency Developers via LinkedIn

 

A North Korean threat group known as Slow Pisces has launched a sophisticated cyberattack campaign, focusing on developers in the cryptocurrency industry through LinkedIn. Also referred to as TraderTraitor or Jade Sleet, the group impersonates recruiters offering legitimate job opportunities and coding challenges to deceive their targets. In reality, they deliver malicious Python and JavaScript code designed to compromise victims' systems.

This ongoing operation has led to massive cryptocurrency thefts. In 2023 alone, Slow Pisces was tied to cyber heists exceeding $1 billion. Notable incidents include a $1.5 billion breach at a Dubai exchange and a $308 million theft from a Japanese firm. The attackers typically initiate contact by sending PDFs containing job descriptions and later provide coding tasks hosted on GitHub. Although these repositories mimic authentic open-source projects, they are secretly altered to carry hidden malware.

As victims work on these assignments, they unknowingly execute malicious programs like RN Loader and RN Stealer on their devices. These infected projects resemble legitimate developer tools—for instance, Python repositories that claim to analyze stock market data but are actually designed to communicate with attacker-controlled servers.

The malware cleverly evades detection by using YAML deserialization techniques instead of commonly flagged functions like eval or exec. Once triggered, the loader fetches and runs additional malicious payloads directly in memory, making the infection harder to detect and eliminate.

One key malware component, RN Stealer, is built to extract sensitive information, including credentials, cloud configuration files, and SSH keys, especially from macOS systems. JavaScript-based versions of the malware behave similarly, leveraging the Embedded JavaScript templating engine to conceal harmful code. This code activates selectively based on IP addresses or browser signatures, targeting specific victims.

Forensic investigations revealed that the malware stores its code in hidden folders and uses HTTPS channels secured with custom tokens to communicate. However, experts were unable to fully recover the malicious JavaScript payload.

Both GitHub and LinkedIn have taken action against the threat.

"GitHub and LinkedIn removed these malicious accounts for violating our respective terms of service. Across our products, we use automated technology, combined with teams of investigation experts and member reporting, to combat bad actors and enforce terms of service. We continue to evolve and improve our processes and encourage our customers and members to report any suspicious activity," the companies said in a joint statement.

Given the increasing sophistication of these attacks, developers are urged to exercise caution when approached with remote job offers or coding tests. It is recommended to use robust antivirus solutions and execute unknown code within secure, sandboxed environments, particularly when working in the high-risk cryptocurrency sector.

Security experts advise using trusted integrated development environments (IDEs) equipped with built-in security features. Maintaining a vigilant and secure working setup can significantly lower the chances of falling victim to these state-sponsored cyberattacks.
Read more »
TON
Blockchain Crypto Cyberattacks CyberCrime Cybersecurity CyberThreat Digital Privacy Technology Telegram TON

Telegram's TON Blockchain Embarks on US Growth Mission

 



A foundation, closely associated with Telegram, called the Open Network (TON), is pursuing ambitious expansion in the United States. A strategic move like this comes amid the expectation that Donald Trump's upcoming administration will be able to offer a more favourable regulatory environment. The TON Foundation is proud to announce a pivotal leadership transition: Manuel "Manny" Stotz, an experienced investor and blockchain advocate, has been selected as President of the organisation. 

There is a new chapter in the foundation's journey to accelerate global adoption of the blockchain, emphasising expanded operations in the United States as part of a strategic expansion plan. In a statement released by a spokesperson for the TON Foundation to Cointelegraph on January 14, a spokesperson confirmed to the Cointelegraph that the US will become one of the most important markets for TON under the Trump Administration. 

The TON Foundation has recently appointed Manuel Stotz, one of the world's leading digital asset investors, as its new president. The foundation will be able to expand its operations in the U.S. market with Stotz, the founder of Kingsway Capital Partners. Stotz stated that the U.S. would soon become a global crypto centre specialising in innovation. Steve Yun, who will remain a board member, will resign from the presidency, and he will be taking over the CEO role. 

In light of the trend that a new president in the US is expected to provide a more favourable environment for cryptocurrency, this shift reflects this expectation. It is expected that his administration will address some of the most important regulatory issues on the day of his inauguration, which is scheduled for January 20, among crypto supporters. Among the concerns is how digital assets are treated by banks, with many in the crypto sector hoping that a change will happen in the rules regarding whether they will be accounted for as liabilities. 

In addition to the issue of “de-banking,” which has impacted many crypto firms in the U.S., another issue that may be addressed is the issue of blockchain technology and its prospects. It has been Stotz's honour to serve as a board member of the TON Foundation since it was founded in Switzerland in 2023. With his new role at the TON Foundation, he will replace Steve Yun, who remains on the board. Stotz is a major investor in the digital asset industry and is the founder of Kingsway Capital Partners, an investment management firm. 

There have been over 50 projects backed by the firm, among them Animoca Brands, Blockchain.com, CoinDCX, Toncoin, Genesis Digital Assets, and others. In the TON Foundation's opinion, the changing regulatory environment in the United States offers new opportunities for blockchain technology. Notably, several industry participants are optimistic about the incoming administration's pro-crypto stance, which includes plans for creating a national Bitcoin reserve and promoting blockchain-based economic reform. 

As President-elect Trump has also indicated his desire to advance the field by appointing influential figures, such as Paul Atkins and David Sacks, to key positions in the sector, it is anticipated that these developments will lead to a surge in blockchain and artificial intelligence innovation. TON Foundation president Stotz believes that these developments may signify a turning point for the industry as a whole, and he believes that the US is an important market for accelerating blockchain adoption worldwide.

A decentralised project called TON is closely related to Telegram's TON blockchain, which was developed by the messenger and then turned into a decentralised project. The Toncoin token allows the network to provide 950 million Telegram users with services such as in-app payments and games, and with Stotz's leadership, TON plans to increase its user base and integrate blockchain-based solutions into everyday applications under Stotz's leadership. 

The main objective of the fund is to use Telegram's vast global audience to promote the widespread adoption of blockchain technologies. With the TON Foundation, which is dedicated to supporting the development of the TON blockchain, Telegram's 950 million users will have access to crypto services through Telegram's platform. In 2023, Telegram formalised the foundation in Switzerland, a year after a 2020 settlement with the SEC ended Telegram's earlier fundraising efforts. 

It was announced in December 2024 that the foundation would be expanding to Abu Dhabi following the ADGM's distributed ledger technology framework. This move is intended to provide legal backing for decentralised projects throughout the MENA and APAC regions, with a target of reaching 500 million users by 2028. In the crypto industry, the return of Trump to power could be considered a turning point in the market as a result. He has announced that cryptocurrencies will be treated differently in the United States of America than they were in the past, which could result in more blockchain projects coming into the country in the future and increased innovation in decentralised technologies. 

Despite this change in leadership at the TON Foundation, the organisation continues to adhere to its mission and values even during this transition and continues to follow through with its objectives. As a board member of the foundation, Steve Yun provides ongoing leadership and direction and Manny Stotz plays a pivotal role in helping to make it a place for growth, collaboration, and innovation in the future. TON anticipates milestones to be achieved in the US over the coming months, which will further enhance the company's reputation as one of the leading blockchain companies in the world.

Read more »
Technology
Artificial Intelligence Blockchain Developers Healthcare Marketing Technology

AI and Blockchain: Shaping the Future of Personalization and Security

 

The integration of Artificial Intelligence (AI) and blockchain technology is revolutionizing digital experiences, especially for developers aiming to enhance user interaction and improve security. By combining these cutting-edge technologies, digital platforms are becoming more personalized while ensuring that user data remains secure. 

Why Personalization and Security Are Essential 

A global survey conducted in the third quarter of 2024 revealed that 64% of consumers prefer to engage with companies that offer personalized experiences. Simultaneously, 53% of respondents expressed significant concerns about data privacy. These findings highlight a critical balance: users desire tailored interactions but are equally cautious about how their data is managed. The integration of AI and blockchain offers innovative solutions to address both personalization and privacy concerns. 

AI has seamlessly integrated into daily life, with tools like ChatGPT becoming indispensable across industries. A notable advancement in AI is the adoption of Common Crawl's customized blockchain. This system securely stores vast datasets used by AI models, enhancing data transparency and security. Blockchain’s immutable nature ensures data integrity, making it ideal for managing the extensive data required to train AI systems in applications like ChatGPT. 

The combined power of AI and blockchain is already transforming sectors like marketing and healthcare, where personalization and data privacy are paramount.

  • Marketing: Tools such as AURA by AdEx allow businesses to analyze user activity on blockchain platforms like Ethereum. By studying transaction data, AURA helps companies implement personalized marketing strategies. For instance, users frequently interacting with decentralized exchanges (DEXs) or moving assets across blockchains can receive tailored marketing content aligned with their behavior.
  • Healthcare: Blockchain technology is being used to store medical records securely, enabling AI systems to develop personalized treatment plans. This approach allows healthcare professionals to offer customized recommendations for nutrition, medication, and therapies while safeguarding sensitive patient data from unauthorized access.
Enhancing Data Security 

Despite AI's transformative capabilities, data privacy has been a longstanding concern. Earlier AI tools, such as previous versions of ChatGPT, stored user data to refine models without clear consent, raising privacy issues. However, the industry is evolving with the introduction of privacy-centric tools like Sentinel and Scribe. These platforms employ advanced encryption to protect user data, ensuring that information remains secure—even from large technology companies like Google and Microsoft. 
 
The future holds immense potential for developers leveraging AI and blockchain technologies. These innovations not only enhance user experiences through personalized interactions but also address critical privacy challenges that have persisted within the tech industry. As AI and blockchain continue to evolve, industries such as marketing, healthcare, and beyond can expect more powerful tools that prioritize customization and data security. By embracing these technologies, businesses can create engaging, secure digital environments that meet users' growing demands for personalization and privacy.
Read more »
Subscribe to: Posts (Atom)