Malware Alert: Konni Group Targets Blockchain Developers
The Konni hacker group is using AI-generated PowerShell malware to target developers and engineers in the blockchain sector. The attack starts with a link hosted on Discord that delivers a ZIP archive containing a decoy PDF and a malicious LNK shortcut file.
How the Malware Works
Launching the shortcut opens a decoy DOCX and executes a batch file, which creates a staging directory for the backdoor and registers a scheduled task masquerading as a OneDrive startup task. When the task fires, it reads an XOR-encrypted PowerShell script from disk and decrypts it for in-memory execution, so the decrypted payload is never written to disk.
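A defender-side hunt for the masquerade just described, added here as an example rather than anything from the report or from the Konni tooling: it lists scheduled tasks that present themselves as OneDrive yet launch something other than a OneDrive binary, such as a script host started from a user-writable staging directory. The 'OneDrive' name pattern, the script-host list and the staging roots are assumptions, since the excerpt does not give the task's exact name or path.

```powershell
# Added example, not from the article: hunt for scheduled tasks that borrow the
# OneDrive name but run a script host (or any non-OneDrive binary), optionally from
# a user-writable staging directory. Uses the built-in ScheduledTasks module
# (Windows 8 / Server 2012 and later); run elevated to see every task.
# The name pattern, script-host list and staging roots below are assumptions.
$NamePattern  = 'OneDrive'
$ScriptHosts  = @('powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')
$StagingRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData, $env:PUBLIC) |
                Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

function Find-OneDriveMasqueradeTask {
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        # Only tasks that present themselves as OneDrive are of interest here
        if ("$($task.TaskName) $($task.Description)" -notmatch $NamePattern) { continue }
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }        # skip COM-handler actions
            $exe = [IO.Path]::GetFileName($action.Execute.Trim('"')).ToLowerInvariant()
            # Genuine OneDrive tasks run OneDrive.exe / OneDriveStandaloneUpdater.exe,
            # normally from %LOCALAPPDATA%\Microsoft\OneDrive, so that path alone is not a signal
            if ($exe -like 'onedrive*.exe') { continue }
            # Expand %VAR% references so the path check sees the real command line
            $cmdLine = [Environment]::ExpandEnvironmentVariables("$($action.Execute) $($action.Arguments)")
            $reasons = New-Object System.Collections.Generic.List[string]
            if ($ScriptHosts -contains $exe) { $reasons.Add("runs script host $exe") }
            else                             { $reasons.Add("runs $exe, not a OneDrive binary") }
            foreach ($root in $StagingRoots) {
                if ($cmdLine.ToLowerInvariant().Contains($root)) {
                    $reasons.Add("references user-writable path $root"); break
                }
            }
            [pscustomobject]@{
                Task        = $task.TaskPath + $task.TaskName
                RunsAs      = $task.Principal.UserId
                CommandLine = $cmdLine
                Reasons     = $reasons -join '; '
            }
        }
    }
}

Find-OneDriveMasqueradeTask | Format-List
```

Each hit is a candidate, not a verdict: confirm by inspecting the referenced script file and the task's creation time against the user's activity before acting on it.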
Protection and Prevention
Researchers have published indicators of compromise (IoCs) associated with this campaign to help defenders protect their assets. Be cautious of suspicious links and files, and keep your systems up to date with the latest security patches.