- North Korean hackers use fake crypto app to steal seeds.
- Malware OtterCookie and BeaverTrail harvest keystrokes, screenshots and clipboard data.
- Victims lured with bogus job offers, assume hot wallets compromised.
Hackers linked to North Korea have launched a new wave of cyberattacks targeting cryptocurrency users and developers. According to cybersecurity firm Cisco Talos, the attackers are using a malicious JavaScript payload hidden within a fake crypto application and an npm package to steal sensitive user data. The campaign, powered by the “OtterCookie” and “BeaverTrail” malware, has been described as highly organized and financially motivated.
Victims are often lured with fake job offers or freelance gigs that appear legitimate. Once the victim downloads the infected application, the malware secretly installs itself on the system. It then begins collecting critical data such as keystrokes, screenshots, clipboard content, and wallet information from popular extensions like Metamask.
Also Read: Solana (SOL) Price Prediction 2025–2030: Will SOL Break Past $250 After ETF Approval?
How the Attack Works
The infection starts when a user downloads the disguised crypto app, believing it to be a genuine tool. Hidden within the app is an obfuscated JavaScript payload that runs silently in the background. It steals files, login credentials, and even browser wallet details before uploading them to remote servers controlled by the attackers.
Besides stealing sensitive data, the malware also collects seed phrases and passwords used to access crypto wallets. This allows the hackers to drain funds from hot wallets directly connected to the victim’s computer. As a result, cryptocurrency holders have become prime targets in this sophisticated campaign.
Consequences and Recommended Actions
Those who suspect exposure to the malware are advised to treat their wallets as compromised. Experts recommend moving funds immediately to new wallets and revoking token approvals from old ones. Additionally, reinstalling the operating system is considered one of the most effective ways to remove any lingering malware components.
Users are urged to avoid running code from unverified sources or downloading unknown npm packages. When possible, new software should be tested within isolated environments such as virtual machines or containers. These precautions can significantly reduce the risk of infection.
A Growing Cyber Threat
Reports suggest that North Korean hackers have already stolen approximately $2 billion worth of cryptocurrency this year alone. Data from blockchain analytics firm Elliptic shows that the total value of stolen assets linked to the regime now stands at $6 billion. This underlines the scale of the threat posed by state-backed cybercrime.
Cybersecurity specialists warn that these attacks are becoming more precise and harder to detect. Consequently, both individual crypto users and blockchain companies must remain vigilant. Strengthening security measures and monitoring unusual system activity remain vital steps in defending against future breaches.
Also Read: Ripple CTO Clears Misconception About XRP Ledger’s Unique Node List
