Lazarus Group hackers use new methods to steal crypto developers' data

A newly uncovered cyberattack campaign has revealed how North Korean hackers are leveraging fake American companies to compromise cryptocurrency developers.
The campaign is attributed to the Lazarus Group, a well-known state-backed hacking collective, and highlights a new level of sophistication in targeting the crypto industry, Silent Push reported.
Phantom firms and malware-loaded job offers
According to cybersecurity firm Silent Push, the Lazarus Group has established three shell companies — including BlockNovas and SoftGlide in the U.S. — to act as fronts for distributing malware. These companies were quietly registered in New York and New Mexico using false identities and addresses.
The attackers pose as tech recruiters, initiating phony job interviews to deliver malware to their targets. Once engaged, candidates are asked to record a video introduction. When a supposed technical issue arises, they are directed to copy and paste a "solution" — which installs malicious software capable of stealing private wallet credentials and accessing internal company systems.
Silent Push notes that these tactics represent a growing threat to the integrity of crypto platforms. “The goal is to compromise wallets and credentials, enabling attackers to steal digital assets or use access for further infiltration,” the firm stated.
FBI responds, shuts down domain
The Federal Bureau of Investigation has seized at least one domain, BlockNovas.com, as part of ongoing efforts to dismantle North Korean cyber operations. While officials declined to comment on the specifics of SoftGlide or other related entities, they confirmed a broader campaign targeting North Korea-linked cybercrime facilitators.
An FBI spokesperson described North Korean cyber actors as "one of the most advanced persistent threats" currently facing the United States.
Broader implications
The revelation coincides with Australia's recent crackdown on crypto-related scams, including the closure of 95 firms connected to fraudulent schemes. Experts warn that similar fronts may still be active globally, using elaborate cover identities and marketing channels.
As cryptocurrency adoption continues to grow, experts urge developers and firms to strengthen security protocols and remain vigilant. Phishing through employment platforms now represents one of the most insidious tactics in the modern threat landscape.
We previously reported that Lazarus Group hackers target crypto investors via LinkedIn.