• bitcoinBitcoin (BTC) $ 88,885.00
  • ethereumEthereum (ETH) $ 2,938.94
  • tetherTether (USDT) $ 0.999130
  • bnbBNB (BNB) $ 884.02
  • xrpXRP (XRP) $ 1.92
  • usd-coinUSDC (USDC) $ 0.999611
  • solanaSolana (SOL) $ 127.40
  • jusdJUSD (JUSD) $ 0.999053
  • tronTRON (TRX) $ 0.300410
  • staked-etherLido Staked Ether (STETH) $ 2,938.11
  • dogecoinDogecoin (DOGE) $ 0.124796
  • figure-helocFigure Heloc (FIGR_HELOC) $ 1.03
  • cardanoCardano (ADA) $ 0.360459
  • wrapped-stethWrapped stETH (WSTETH) $ 3,599.58
  • bitcoin-cashBitcoin Cash (BCH) $ 594.81
  • whitebitWhiteBIT Coin (WBT) $ 54.36
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 88,473.00
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 3,199.70
  • wrapped-eethWrapped eETH (WEETH) $ 3,193.54
  • usdsUSDS (USDS) $ 0.999560
  • moneroMonero (XMR) $ 510.15
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.999319
  • chainlinkChainlink (LINK) $ 12.25
  • leo-tokenLEO Token (LEO) $ 8.97
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 88,804.00
  • stellarStellar (XLM) $ 0.212199
  • wethWETH (WETH) $ 2,937.45
  • ethena-usdeEthena USDe (USDE) $ 0.999629
  • zcashZcash (ZEC) $ 363.30
  • suiSui (SUI) $ 1.50
  • canton-networkCanton (CC) $ 0.149856
  • avalanche-2Avalanche (AVAX) $ 12.17
  • litecoinLitecoin (LTC) $ 67.95
  • hyperliquidHyperliquid (HYPE) $ 21.21
  • world-liberty-financialWorld Liberty Financial (WLFI) $ 0.173778
  • shiba-inuShiba Inu (SHIB) $ 0.000008
  • hedera-hashgraphHedera (HBAR) $ 0.108164
  • usdt0USDT0 (USDT0) $ 0.999060
  • daiDai (DAI) $ 0.998995
  • susdssUSDS (SUSDS) $ 1.08
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.22
  • the-open-networkToncoin (TON) $ 1.55
  • paypal-usdPayPal USD (PYUSD) $ 0.999249
  • crypto-com-chainCronos (CRO) $ 0.091144
  • rainRain (RAIN) $ 0.010068
  • usd1-wlfiUSD1 (USD1) $ 0.998727
  • polkadotPolkadot (DOT) $ 1.93
  • uniswapUniswap (UNI) $ 4.83
  • memecoreMemeCore (M) $ 1.65
  • mantleMantle (MNT) $ 0.875105
  • bitget-tokenBitget Token (BGB) $ 3.65
  • tether-goldTether Gold (XAUT) $ 4,877.49
  • aaveAave (AAVE) $ 156.85
  • bittensorBittensor (TAO) $ 238.23
  • falcon-financeFalcon USD (USDF) $ 0.996151
  • okbOKB (OKB) $ 102.75
  • pepePepe (PEPE) $ 0.000005
  • internet-computerInternet Computer (ICP) $ 3.62
  • pax-goldPAX Gold (PAXG) $ 4,890.31
  • nearNEAR Protocol (NEAR) $ 1.51
  • jito-staked-solJito Staked SOL (JITOSOL) $ 160.02
  • ethereum-classicEthereum Classic (ETC) $ 11.53
  • binance-peg-wethBinance-Peg WETH (WETH) $ 2,937.00
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • ondo-financeOndo (ONDO) $ 0.339743
  • htx-daoHTX DAO (HTX) $ 0.000002
  • global-dollarGlobal Dollar (USDG) $ 0.999760
  • hashnote-usycCircle USYC (USYC) $ 1.11
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 3,113.52
  • pi-networkPi Network (PI) $ 0.184070
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.59
  • skySky (SKY) $ 0.065964
  • aster-2Aster (ASTER) $ 0.611333
  • pump-funPump.fun (PUMP) $ 0.002494
  • kucoin-sharesKuCoin (KCS) $ 10.64
  • ripple-usdRipple USD (RLUSD) $ 0.999902
  • binance-staked-solBinance Staked SOL (BNSOL) $ 139.67
  • ethenaEthena (ENA) $ 0.174191
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.130647
  • bfusdBFUSD (BFUSD) $ 0.998963
  • wbnbWrapped BNB (WBNB) $ 883.84
  • worldcoin-wldWorldcoin (WLD) $ 0.472409
  • hash-2Provenance Blockchain (HASH) $ 0.024118
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999777
  • syrupusdcsyrupUSDC (SYRUPUSDC) $ 1.15
  • rocket-pool-ethRocket Pool ETH (RETH) $ 3,394.69
  • aptosAptos (APT) $ 1.55
  • cosmosCosmos Hub (ATOM) $ 2.35
  • gatechain-tokenGate (GT) $ 9.84
  • usddUSDD (USDD) $ 0.999423
  • kaspaKaspa (KAS) $ 0.040329
  • myx-financeMYX Finance (MYX) $ 5.59
  • riverRiver (RIVER) $ 53.38
  • render-tokenRender (RENDER) $ 2.02
  • algorandAlgorand (ALGO) $ 0.117278
  • arbitrumArbitrum (ARB) $ 0.177570
  • filecoinFilecoin (FIL) $ 1.32
  • ignition-fbtcFunction FBTC (FBTC) $ 88,922.00
  • official-trumpOfficial Trump (TRUMP) $ 4.87
  • midnight-3Midnight (NIGHT) $ 0.057669
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 88,725.00
  • nexoNEXO (NEXO) $ 0.931682
  • vechainVeChain (VET) $ 0.010290
  • story-2Story (IP) $ 2.48
  • usdtbUSDtb (USDTB) $ 0.999667
  • flare-networksFlare (FLR) $ 0.010215
  • mantle-staked-etherMantle Staked Ether (METH) $ 3,184.61
  • bridged-usdc-polygon-pos-bridgePolygon Bridged USDC (Polygon PoS) (USDC.E) $ 0.999611
  • dashDash (DASH) $ 64.36
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 88,553.00
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 3,137.71
  • bonkBonk (BONK) $ 0.000009
  • superstate-short-duration-us-government-securities-fund-ustbSuperstate Short Duration U.S. Government Securities Fund (USTB) (USTB) $ 10.97
  • syrupusdtsyrupUSDT (SYRUPUSDT) $ 1.11
  • wrappedm-by-m0WrappedM by M0 (WM) $ 0.999147
  • xdce-crowd-saleXDC Network (XDC) $ 0.039741
  • ousgOUSG (OUSG) $ 114.04
  • janus-henderson-anemoy-aaa-clo-fundJanus Henderson Anemoy AAA CLO Fund (JAAA) $ 1.02
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 88,685.00
  • sei-networkSei (SEI) $ 0.107472
  • clbtcclBTC (CLBTC) $ 90,207.00
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.10
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 3,124.36
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 3,141.91
  • beldexBeldex (BDX) $ 0.086158
  • morphoMorpho (MORPHO) $ 1.19
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 2,938.05
  • usdaiUSDai (USDAI) $ 0.999505
  • pancakeswap-tokenPancakeSwap (CAKE) $ 1.92
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 148.37
  • polygon-pos-bridged-dai-polygon-posPolygon PoS Bridged DAI (Polygon POS) (DAI) $ 0.999692
  • binance-peg-xrpBinance-Peg XRP (XRP) $ 1.92
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.009855
  • tezosTezos (XTZ) $ 0.574851
  • eutblSpiko EU T-Bills Money Market Fund (EUTBL) $ 1.23
  • jupiter-exchange-solanaJupiter (JUP) $ 0.191570
  • optimismOptimism (OP) $ 0.306784
  • wrapped-flareWrapped Flare (WFLR) $ 0.010214
  • usual-usdUsual USD (USD0) $ 0.996357
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 2,939.46
  • blockstackStacks (STX) $ 0.318988
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.237218
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 0.822618
  • curve-dao-tokenCurve DAO (CRV) $ 0.363502
  • chilizChiliz (CHZ) $ 0.051287
  • tbtctBTC (TBTC) $ 88,483.00
  • c8ntinuumc8ntinuum (CTM) $ 0.118653
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.998411
  • a7a5A7A5 (A7A5) $ 0.012878
  • ghoGHO (GHO) $ 0.999447
  • true-usdTrueUSD (TUSD) $ 0.998658
  • janus-henderson-anemoy-treasury-fundJanus Henderson Anemoy Treasury Fund (JTRSY) $ 1.09
  • kinetic-staked-hypeKinetiq Staked HYPE (KHYPE) $ 21.45
  • fasttokenFasttoken (FTN) $ 1.09
  • gtethGTETH (GTETH) $ 2,940.89
  • injective-protocolInjective (INJ) $ 4.60
  • lighterLighter (LIT) $ 1.81
  • lido-daoLido DAO (LDO) $ 0.522210
  • msolMarinade Staked SOL (MSOL) $ 172.79
  • doublezeroDoubleZero (2Z) $ 0.125189
  • aerodrome-financeAerodrome Finance (AERO) $ 0.476394
  • ether-fi-liquid-ethEther.Fi Liquid ETH (LIQUIDETH) $ 3,161.67
  • steakhouse-usdc-morpho-vaultSteakhouse USDC Morpho Vault (STEAKUSDC) $ 1.11
  • cap-usdCap USD (CUSD) $ 1.01
  • ether-fiEther.fi (ETHFI) $ 0.600623
  • axie-infinityAxie Infinity (AXS) $ 2.50
  • flokiFLOKI (FLOKI) $ 0.000043
  • the-sandboxThe Sandbox (SAND) $ 0.157265
  • newton-projectAB (AB) $ 0.004264
  • coinbase-wrapped-staked-ethCoinbase Wrapped Staked ETH (CBETH) $ 3,292.33
  • sun-tokenSun Token (SUN) $ 0.021300
  • usdbUSDB (USDB) $ 1.00
  • stader-ethxStader ETHx (ETHX) $ 3,170.83
  • starknetStarknet (STRK) $ 0.077512
  • spx6900SPX6900 (SPX) $ 0.432380
  • celestiaCelestia (TIA) $ 0.459979
  • sbtc-2sBTC (SBTC) $ 88,420.00
  • bittorrentBitTorrent (BTT) $ 0.00000041
  • staked-aaveStaked Aave (STKAAVE) $ 156.08
  • the-graphThe Graph (GRT) $ 0.036427
  • layerzeroLayerZero (ZRO) $ 1.91
  • syrupMaple Finance (SYRUP) $ 0.335500
  • justJUST (JST) $ 0.043562
  • wrapped-apecoinWrapped ApeCoin (WAPE) $ 0.189919
  • pippinpippin (PIPPIN) $ 0.379359
  • telcoinTelcoin (TEL) $ 0.003948
  • resolv-usrResolv USR (USR) $ 0.999512
  • kinesis-goldKinesis Gold (KAU) $ 156.67
  • iotaIOTA (IOTA) $ 0.087131
  • resolv-wstusrResolv wstUSR (WSTUSR) $ 1.13
  • conflux-tokenConflux (CFX) $ 0.070787
  • trust-wallet-tokenTrust Wallet (TWT) $ 0.869082
  • gnosisGnosis (GNO) $ 136.50
  • bitcoin-svBitcoin SV (BSV) $ 18.03
  • pendlePendle (PENDLE) $ 2.12
  • jasmycoinJasmyCoin (JASMY) $ 0.007230
  • euro-coinEURC (EURC) $ 1.17
  • crvusdcrvUSD (CRVUSD) $ 1.00
  • kinesis-silverKinesis Silver (KAG) $ 95.61
  • apenftAINFT (NFT) $ 0.00000035
Bitcoin

North Korean hackers hit 3,100+ IPs in AI, crypto, finance job scam

By admin
0 1

North Korean hackers hit 3,100+ IPs in AI, crypto, finance job scam

After snipping over $2 billion from the crypto market in 2025, North Korean hackers are back with a fake job recruitment campaign executed by a group known as PurpleBravo.

North Korean-linked hackers have launched a cyber espionage on more than 3,100 internet addresses tied to companies in artificial intelligence, cryptocurrency, and financial services, according to new threat intelligence findings by Recorded Future’s Insikt Group.

PurpleBravo was spotted using fraudulent job recruitment processes and developer tools embedded with malicious software. Per Insikt Group’s assessment, 20 victim organizations have been identified so far from South Asia, North America, Europe, the Middle East, and Central America.

North Korea launches fake recruitment interviews malware campaign

As explained by Insikt Group, the “Contagious Interview” campaign features bad actors who pose as recruiters or developers and approach job seekers with technical interview exercises. At least 3,136 individual IP addresses were targeted during the monitoring period, the security analysts said.

The attackers presented themselves as crypto and technology firm representatives, requesting that candidates review code, clone repositories, or complete coding tasks.

“In several cases, it is likely that job-seeking candidates executed malicious code on corporate devices, creating organizational exposure beyond the individual target,” the threat intelligence firm wrote in its report.

The operation has several aliases in both private and open-source insights on North Korea hackers, including CL-STA-0240, DeceptiveDevelopment, DEV#POPPER, Famous Chollima, Gwisin Gang, Tenacious Pungsan, UNC5342, Void Dokkaebi, and WaterPlum.

The cybersecurity group also mentioned that the hackers used Astrill VPN and IP ranges to administer China-based command-and-control servers. Meanwhile, 17 service providers hosted malware like BeaverTail and GolangGhost servers for them.

Luring victims with personas, GitHub, and Ukrainian cover stories

Insikt Group spotted four online personas linked to PurpleBravo, following an investigation into malicious GitHub repositories, social media chatter on crypto scams, and a hacking network intelligence service.

According to the report, these profiles consistently presented themselves as being based in Odessa, Ukraine, while targeting job seekers from South Asia. Insikt said it was unable to determine why Ukrainian identities were used in the ruse.

In one of the fake programs, hackers used a website advertising a token based on a food brand. However, researchers could not establish a verified connection between the coin and the company it referenced. Scammers, automated bots, and malicious links populate the project’s official Telegram channel.

Moreover, the operation also featured two related remote access trojans, PylangGhost and GolangGhost. The malware families are multi-platform tools that share identical commands and automate the theft of browser credentials and cookies.

GolangGhost is compatible with several operating systems, but PylangGhost only works on Windows systems and can bypass Chrome’s app-bound credential protection for version 127 and later.

Insikt Group found Telegram channels advertising LinkedIn and Upwork accounts for sale, with the sellers using proxy services like proxy-seller[.]com, powervps[.]net, residentialvps[.]com, lunaproxy[.]com, and sms-activate[.]io, and virtual private servers to hide their locations. The operator was also seen interacting with the cryptocurrency trading platform MEXC Exchange.

VS Code backdoors on Microsoft Visual Studio

On Monday, Jamf Threat Labs reported that North Korea-linked actors have developed a weaponized version of Microsoft Visual Studio Code that can find backdoors in systems. The tactic was first identified in December 2025 and has since been refined, the security analysts said.

According to Jamf security researcher Thijs Xhaflaire, the attackers can implant malware that grants remote code execution on machines. The infection chain begins when a target clones a malicious Git repository and opens it in VS Code.

“When the project is opened, Visual Studio Code prompts the user to trust the repository author. If that trust is granted, the application automatically processes the repository’s tasks.json configuration file, which can result in embedded arbitrary commands being executed on the system,” Thijs Xhaflaire wrote.

Source

admin 17302 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.