New EncryptHub campaign against Web3 developers, novel ransomware strains detailed

The EncryptHub threat operation has launched attacks that use fraudulent artificial intelligence platforms to compromise Web3 developers with information-stealing malware, reports The Hacker News.

EncryptHub, also known as Water Gamayun and LARVA-208, lured Web3 developers with portfolio review requests or job offers that redirected to the Teampilot-spoofing Norlax AI and other fake AI platforms, which carried meeting links that trigger an attack chain concluding with the delivery of Fickle Stealer, an analysis from PRODAFT revealed. "This latest operation suggests a shift toward alternative monetization strategies, including the exfiltration of valuable data and credentials for potential resale or exploitation in illicit markets," said PRODAFT.

Such findings come as Huntress researchers reported the discovery of the new Crux ransomware strain, purported to be part of the BlackByte operation, which infiltrates networks through stolen credentials. Another report from Trustwave SpiderLabs detailed the Akira- and Qilin-aping KAWA4096 ransomware, which has already compromised nearly a dozen organizations since June, most of which are in the U.S. and Japan.
