Cyber Web Spider Blog – News

North Korean Hackers Target Crypto with Fake MetaMask

Posted on February 19, 2026 By CWS

In a sophisticated cyberattack, North Korean hacking groups have launched a campaign targeting professionals in the cryptocurrency, Web3, and artificial intelligence sectors. This operation, called Contagious Interview, involves deploying remote access backdoors and fake MetaMask wallet extensions to steal digital assets.

Attack Strategy and Techniques

The attackers embed malicious code within fake job interview assessments. These assessments use compromised NPM packages, which unsuspecting developers execute during technical evaluations. This method marks a significant advancement in financial cybercrime tactics. The campaign employs two main malware families, BeaverTail and InvisibleFerret, which are continuously updated to enhance their data theft capabilities.

Recent malware iterations show sophisticated methods for manipulating browser extensions and intercepting cryptocurrency credentials. They not only establish persistent backdoor access but also search for sensitive files such as wallet data and password managers across multiple operating systems, including Windows, macOS, and Linux.

Streamlined Infection Process

Threat intelligence analyst Seongsu Park has detailed the streamlined infection chain used by these threat actors. The initial JavaScript payload is designed to perform essential functions like beacon transmission and downloading further attack stages. This streamlined approach reduces the chance of detection while maintaining effectiveness.

Victims are lured into running malicious JavaScript hidden in trojanized NPM packages during fake technical interviews. The initial script reaches out to command-and-control servers to retrieve encoded server addresses and campaign identifiers. This leads to the download of specialized JavaScript files and the Python-based InvisibleFerret backdoor.

Manipulating MetaMask Extensions

The attack’s most dangerous element involves manipulating legitimate MetaMask cryptocurrency wallet extensions. Through a lightweight backdoor, attackers scan Chrome and Brave browsers for installed MetaMask extensions. If found, they download a trojanized version from their servers and modify browser configuration files.

The malware uses complex techniques like generating valid HMAC-SHA256 signatures to bypass security mechanisms. The altered MetaMask extension includes only about 15 malicious lines within the submitPassword function. When users unlock their wallets, this extension captures master passwords and encrypted vault files and transmits them to attacker servers, which grants the attackers full access to victims’ cryptocurrency holdings.

To mitigate this threat, organizations should monitor for suspicious NPM packages and enforce strict code review processes. Network administrators are advised to block communication with known command-and-control infrastructure. Users should verify MetaMask extension integrity through official browser stores and regularly monitor extension permissions. Security teams should also implement behavioral detection rules to identify file exfiltration and unauthorized browser modifications. Developers are urged to avoid executing untrusted NPM packages, particularly those received during recruitment.
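
One way to check for the unauthorized browser modifications mentioned above, as an added example that is not from the article or the researcher's report: it reads the JSON of a Chrome or Brave profile's preferences file and flags a MetaMask entry that is not recorded as a normal web-store install. The field names (`extensions.settings`, `location`, `from_webstore`, `path`) and the MetaMask extension ID are assumptions based on Chromium's profile format, the article does not say which fields the malware changes, and both sample profiles are constructed.

```python
import json
from pathlib import PurePosixPath, PureWindowsPath

METAMASK_ID = "nkbihfbeogaeaoehlefnkodbefgpgknn"  # assumed: MetaMask's Chrome Web Store ID
LOCATION_INTERNAL = 1  # assumed: Chromium ManifestLocation value for a store install

def audit_entry(ext_id, entry):
    """Return reasons why one extensions.settings entry is not a plain store install."""
    findings = []
    if entry.get("location") != LOCATION_INTERNAL:
        findings.append(f"location={entry.get('location')!r}, expected {LOCATION_INTERNAL}")
    if entry.get("from_webstore") is not True:
        findings.append("from_webstore is not true")
    path = str(entry.get("path", ""))
    # Store installs are recorded relative to <profile>/Extensions as "<id>/<version>".
    if PurePosixPath(path).is_absolute() or PureWindowsPath(path).is_absolute():
        findings.append(f"absolute path: {path}")
    elif not path.replace("\\", "/").startswith(ext_id + "/"):
        findings.append(f"path does not start with the extension id: {path}")
    return findings

def audit_preferences(prefs_text, watch_ids=(METAMASK_ID,)):
    """Map each watched, installed extension id to its findings (empty dict = clean)."""
    settings = json.loads(prefs_text).get("extensions", {}).get("settings", {})
    report = {}
    for ext_id in watch_ids:
        entry = settings.get(ext_id)
        if isinstance(entry, dict):
            findings = audit_entry(ext_id, entry)
            if findings:
                report[ext_id] = findings
    return report

# Constructed samples (not taken from a real profile or from this campaign).
SAMPLE_CLEAN = json.dumps({"extensions": {"settings": {METAMASK_ID: {
    "location": 1, "from_webstore": True, "path": METAMASK_ID + "/12.0.0_0"}}}})
SAMPLE_TAMPERED = json.dumps({"extensions": {"settings": {METAMASK_ID: {
    "location": 4, "from_webstore": False, "path": "/tmp/example/metamask"}}}})

if __name__ == "__main__":
    for name, text in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(name, audit_preferences(text) or "no findings")
```

Because the article describes the malware producing valid HMAC-SHA256 signatures, the check compares the recorded state against what a store install should look like rather than relying on the browser's own integrity verification.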
