TZUTC: -0500
MSGID: 2059.consprcy@1:2320/105 2dde10c3
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
More AI malware has been found - and this time, crypto developers are under
attack

Date:
Mon, 26 Jan 2026 16:45:00 +0000

Description:
KONNI is using AI-generated backdoors to target crypto bros - and security
pros should pay attention.

FULL STORY

Security researchers have found more malware being developed with the help of
Gen AI, as the use of AI tools in cybercrime moves from theory into practice,
and that defenders should also start integrating AI into their tech stack. 

Security outfit Check Point Research (CPR) has detailed KONNI , a known North
Korean state-sponsored threat actor that has been around for more than a
decade. 

According to CPR, KONNI is known for targeting South Korean politicians,
diplomats, academics, and other similar targets. However, after more than a
decade of chasing after political and diplomatic targets, KONNI shifted its
attention towards software developers - specifically, blockchain and crypto
developers.

AI-generated PowerShell backdoor 

CPR says that in the latest campaign, KONNI was mailing IT technicians with
highly convincing phishing lures, attempting to access cloud infrastructure,
source code repositories, APIs, and blockchain-related credentials. 

Those that took the bait deployed an AI-generated PowerShell backdoor that
granted the attackers access to their computers, and through it, to all of 
the secrets stored there. 

A defining aspect of this campaign is the deployment of an AI-generated
PowerShell backdoor, demonstrating how artificial intelligence is 
accelerating malware development and deployment, CPR said in its report. 

Rather than introducing entirely new attack techniques, AI enables faster
iteration, easier customization, and greater flexibility. 

The report also stresses that this means cybersecurity professionals will 
have to change, or evolve, their approach, as well. AI-generated malware can
change faster and to a greater extent, evading traditional, signature-based
detection with ease. 

Organizations should treat development environments as high-value targets, 
CPR concludes. To defend, they should first strengthen phishing prevention
across collaboration and developer workflows. After that, they should protect
development and cloud environments with strong access controls and finally,
use AI-driven threat prevention to block unseen malware early in the attack
chain. 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/more-ai-malware-has-been-found-this-tim
e-targeting-crypto-developers

$$
--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426