tl;dr
North Korean hackers, specifically the Lazarus group, have created fake corporate entities in New Mexico and New York named Blocknovas LLC and Softglide LLC. These companies use fake personas to advertise fraudulent crypto developer jobs to infect applicants' wallets with malware and steal credentia...
North Korean state-sponsored hackers, notably the Lazarus group, have orchestrated a sophisticated cyberattack scheme by creating fake US corporations to ensnare crypto developers. These sham companies, Blocknovas LLC in New Mexico and Softglide LLC in New York, use fabricated identities to post fraudulent job offers targeting cryptocurrency experts.
Once applicants engage with these fake job postings, the hackers deploy malware designed to infect their crypto wallets and steal login credentials. This breach not only compromises individual developers but also opens pathways for further attacks on legitimate businesses by exploiting stolen information.
Silent Push researchers highlighted the unusual tactic of establishing legal entities in the US as fronts for these operations, marking a rare escalation in North Korean cyber strategies. Kasey Best, a threat intelligence director at Silent Push, emphasized the sophistication of these attacks and their potential ramifications for the broader crypto ecosystem.
In response, the FBI has taken down the Blocknovas domain and issued warnings to anyone who interacted with the site, urging them to scan their devices for malware and safeguard their personal data. While the Bureau has not released an official statement, sources recognize North Korean cyber activities as among the most advanced persistent threats to US security.
This campaign underlines the growing risks faced by cryptocurrency professionals and the need for vigilance against increasingly complex cyber threats masquerading as legitimate business opportunities.