North Korean hackers compromised more than 3,100 IP addresses in a scam targeting AI, cryptocurrency, and finance job listings.

crypthub
Campaign Overview

North Korean‑linked group PurpleBravo launched a fake job recruitment drive that targeted over 3,100 IP addresses tied to AI, cryptocurrency and financial firms. The operation lured candidates with technical interview tasks, prompting them to run malicious code on corporate devices. Victims were identified across South Asia, North America, Europe, the Middle East and Central America. The campaign is also known by aliases such as DeceptiveDevelopment, Void Dokkaebi and WaterPlum.

Tactics and Malware

Researchers tracked four online personas posing as Ukrainian developers who posted malicious GitHub repositories and a token scam website. Hackers used Astrill VPN and China‑based command‑and‑control servers, with 17 service providers hosting BeaverTail, GolangGhost and PylangGhost malware. The remote‑access trojans harvest browser credentials and cookies, and can bypass Chrome’s credential protection on newer versions. Telegram channels advertised stolen LinkedIn and Upwork accounts, using various proxy services to mask locations.

Weaponized Development Tools

Jamf Threat Labs reported a weaponized version of Microsoft Visual Studio Code that installs backdoors when a victim opens a tainted Git repository. Granting trust to the repository triggers execution of commands hidden in the tasks.json file, which gives attackers remote code execution. The technique was first observed in December 2025 and has since been refined. This approach expands the threat landscape beyond traditional phishing by exploiting developers’ trusted tools.
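For reviewers who want to inspect a cloned repository before granting it trust, the following added example (not code from Jamf or from this article) audits a `.vscode/tasks.json` for tasks that run without user action or hide their output. The sample file, task names and URL are constructed; the article does not say which task settings the tainted repositories used, so the checks on VS Code's `runOptions.runOn` and `presentation.reveal` settings are assumptions about what is worth reviewing.

```python
import json
import re

# Constructed sample .vscode/tasks.json (JSONC); names and URL are placeholders.
SAMPLE_TASKS = '''
{
  // workspace tasks
  "version": "2.0.0",
  "tasks": [
    { "label": "build", "type": "shell", "command": "npm run build",
      "detail": "see https://example.invalid/docs" },
    { "label": "env-setup", "type": "shell",
      "command": "node .vscode/setup.js",
      "presentation": { "reveal": "never" },
      "runOptions": { "runOn": "folderOpen" }, },
  ]
}
'''

def _drop(pattern, text):
    """Delete matches of pattern while leaving JSON string literals untouched."""
    rx = re.compile(r'"(?:\\.|[^"\\])*"|' + pattern, re.S)
    return rx.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def parse_jsonc(text):
    """Parse tasks.json, which may carry comments and trailing commas."""
    text = _drop(r"//[^\n]*|/\*.*?\*/", text)
    return json.loads(_drop(r",(?=\s*[}\]])", text))

def audit_tasks(text):
    """Return (label, commands, reasons) for tasks to review before trusting."""
    findings = []
    for task in parse_jsonc(text).get("tasks", []):
        reasons = []
        if task.get("runOptions", {}).get("runOn") == "folderOpen":
            reasons.append("runs automatically when the folder is opened")
        if task.get("presentation", {}).get("reveal") == "never":
            reasons.append("terminal output is never revealed")
        # Per-OS overrides can carry a different command than the top level.
        scopes = [task] + [task.get(k, {}) for k in ("windows", "osx", "linux")]
        cmds = [s["command"] for s in scopes if "command" in s]
        if reasons:
            findings.append((task.get("label", "<unnamed>"), cmds, reasons))
    return findings

if __name__ == "__main__":
    for label, cmds, reasons in audit_tasks(SAMPLE_TASKS):
        print(f"{label}: {'; '.join(reasons)} -> {cmds}")
```

Read the file with a plain text viewer or a script like this one rather than by opening the folder in the editor, since opening and trusting the folder is the step the article describes as the trigger.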