New Malware Targets Blockchain Developers
The North Korean hacker group Konni is using AI-generated PowerShell malware to target developers and engineers in the blockchain sector.
How the Attack Works
The attack begins with a Discord-hosted link that delivers a ZIP archive containing a PDF lure and a malicious LNK shortcut file. When the shortcut file is launched, it opens a DOCX file and executes a batch file.
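A defender-side triage script for the shortcut stage described above, added here as an example (it is not code from the report or the original article): it parses the ShellLinkHeader and StringData fields of a .lnk file per the MS-SHLLINK layout and flags shortcuts whose target is a script host and whose arguments reference both a batch file and a document. The heuristics, the field names and the constructed sample shortcut are my own assumptions, not indicators from the campaign.

```python
import struct

# Header layout and flag bits follow MS-SHLLINK; the heuristics and sample values are my own.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_FIELDS = [(HAS_NAME, "name"), (HAS_RELPATH, "relative_path"), (HAS_WORKDIR, "working_dir"),
                 (HAS_ARGS, "arguments"), (HAS_ICON, "icon_location")]
SCRIPT_HOSTS = ("cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe")

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields (relative target path, arguments, ...) of a .lnk file."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                      # end of the fixed-size ShellLinkHeader
    if flags & HAS_IDLIST:                        # skip LinkTargetIDList (2-byte size prefix)
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:                      # skip LinkInfo (4-byte size includes itself)
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for flag, name in STRING_FIELDS:              # each entry: CountCharacters + characters
        if flags & flag:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            # ANSI strings are decoded as cp1252 here (assumption; real files use the system code page)
            fields[name] = data[pos:pos + count * width].decode("utf-16-le" if width == 2 else "cp1252")
            pos += count * width
    return fields

def assess_shortcut(fields: dict) -> list:
    """Flag the chain described above: a script host that opens a document and runs a batch file."""
    reasons = []
    target = fields.get("relative_path", "").lower()
    args = fields.get("arguments", "").lower()
    if target.endswith(SCRIPT_HOSTS):
        reasons.append(f"target is a script host: {target}")
    if ".bat" in args or ".cmd" in args:
        reasons.append("arguments reference a batch file")
    if any(ext in args for ext in (".docx", ".pdf")) and reasons:
        reasons.append("a document is opened alongside the execution (decoy pattern)")
    return reasons

def build_sample_lnk(relative_path: str, arguments: str) -> bytes:
    """Constructed test fixture: a minimal shell link carrying only RELATIVE_PATH and ARGUMENTS."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, HAS_RELPATH | HAS_ARGS | IS_UNICODE) + bytes(52)
    return header + b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                             for s in (relative_path, arguments))
```

To triage a shortcut pulled from an archive, read the file as bytes and pass it through `parse_lnk` and then `assess_shortcut`; an empty list means none of the heuristics matched.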
Malware Capabilities
The malware performs hardware, software, and user activity checks to ensure it is not running in analysis environments. It then generates a unique host ID and contacts the command-and-control (C2) server to send basic host metadata.
Protection and Research
Researchers have published indicators of compromise (IoCs) associated with this recent campaign to help defenders protect their assets. The full research report is available for download.