North Korean hackers target crypto developers, steal billions using sophisticated malware

By CybersecAsia editors | Thursday, April 24, 2025, 10:26 AM Asia/Singapore

Dangling fake job offers and rigged coding tests to lure applicants, a state-sponsored threat group has been looting billions in cryptocurrencies.

Threat researchers have found that North Korean state-sponsored hackers have been waging a sophisticated campaign against cryptocurrency developers, exploiting professional networking and coding platforms to deliver custom malware that can evade traditional detection tools.

The threat group is believed to have stolen over US$1bn from the cryptocurrency sector in 2023 alone, including a US$1.5bn heist from a Dubai-based exchange, and a US$308m theft from a Japanese firm.

Attackers have posed as recruiters on professional career networking platforms, targeting developers with enticing job offers. After initiating contact, the malicious actors send a PDF with a job description, followed by a coding challenge hosted on GitHub. These repositories appear legitimate but have been secretly modified to include malicious code, typically in Python or JavaScript, tailored to each victim’s expertise.

Method of attack

Once a developer runs the code, two custom malware strains — RN Loader and RN Stealer — are deployed.

  • RN Loader collects system information and executes further malicious payloads.
  • RN Stealer is designed to harvest sensitive data such as SSH keys, cloud credentials and even iCloud Keychain data on macOS systems.

The malware uses advanced evasion techniques such as YAML deserialization and Embedded JavaScript templating to run in memory, minimizing its footprint and making detection difficult.

A key feature of this campaign is its selectivity: the malicious payloads are only delivered after the attackers verify the victim’s IP address, geolocation, and system configuration, ensuring that only high-value targets are compromised. The attackers also mimic legitimate infrastructure, using command-and-control servers whose traffic resembles normal web traffic to avoid raising suspicion.

The campaign has prompted platforms such as LinkedIn and GitHub to remove accounts and repositories linked to the threat group.

Security experts from Palo Alto’s Unit 42, the team uncovering and monitoring the North Korean threat group, advise developers to be wary of unsolicited job offers and coding challenges, to separate personal and work devices, and to carefully vet any external code before execution.
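A first-pass static check for the vetting step advised above, as an added example that is not from the article or from Unit 42: it parses Python without running it and pattern-matches JavaScript, flagging the technique classes the article names (YAML deserialization, Embedded JavaScript templating) plus dynamic code evaluation. The patterns and sample files are constructed assumptions, not signatures of RN Loader or RN Stealer.

```python
import ast
import re

SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}
# Constructed review patterns for JavaScript; generic indicators, not malware signatures.
JS_PATTERNS = [
    (re.compile(r"\bejs\s*\.\s*(render|compile)\s*\("), "EJS template rendered at runtime"),
    (re.compile(r"\beval\s*\(|\bnew\s+Function\s*\("), "string evaluated as code"),
]

def _name(node):
    """Trailing identifier of a Name or Attribute node, '' for anything else."""
    return getattr(node, "attr", getattr(node, "id", ""))

def scan_python(source):
    """Parse (never execute) Python source and list (line, reason) review findings."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = _name(node.func)
        if func in ("unsafe_load", "unsafe_load_all"):
            findings.append((node.lineno, "YAML loaded with object construction enabled"))
        elif func in ("load", "load_all") and _name(getattr(node.func, "value", None)) == "yaml":
            # The loader may be passed as Loader=... or as the second positional argument.
            loader = next((kw.value for kw in node.keywords if kw.arg == "Loader"), None)
            if loader is None and len(node.args) > 1:
                loader = node.args[1]
            if _name(loader) not in SAFE_LOADERS:
                findings.append((node.lineno, "yaml.load without a safe loader"))
        elif func in ("exec", "eval") and isinstance(node.func, ast.Name):
            findings.append((node.lineno, "string evaluated as code"))
    return sorted(findings)

def scan_js(source):
    """Line-based pattern match over JavaScript source; returns (line, reason) pairs."""
    return [(n, why) for n, line in enumerate(source.splitlines(), 1)
            for rx, why in JS_PATTERNS if rx.search(line)]

# Constructed sample files standing in for a cloned "coding challenge" repository.
SAMPLE_PY = '''import yaml
cfg = yaml.load(open("settings.yml"), Loader=yaml.Loader)
ok = yaml.load(open("settings.yml"), Loader=yaml.SafeLoader)
'''
SAMPLE_JS = 'const ejs = require("ejs");\nconst html = ejs.render(template, data);\n'

if __name__ == "__main__":
    for name, hits in (("app.py", scan_python(SAMPLE_PY)), ("view.js", scan_js(SAMPLE_JS))):
        print(name, hits)
```

A hit marks a line for manual review and an empty result does not clear a repository: an aliased import such as `import yaml as y` is not followed, and obfuscated code will pass unflagged.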
