EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware
Briefly

EncryptHub, also known as LARVA-208, is targeting Web3 developers through a new campaign focused on infecting them with information stealer malware. The group has shifted its tactics by employing fake AI platforms to lure victims with job offers or portfolio reviews. This group, historically known for ransomware, has diversified its methods to use stealer malware for harvesting cryptocurrency wallet data. Web3 developers, who often manage high-value crypto wallets and operate in decentralized environments, present an enticing target for attackers seeking to monetize quickly.
LARVA-208 has evolved its tactics, using fake AI platforms (e.g., Norlax AI, mimicking Teampilot) to lure victims with job offers or portfolio review requests.
EncryptHub's focus on Web3 developers isn't random: these individuals often manage crypto wallets and have access to smart contract repositories or sensitive test environments.
The attack chains entail directing prospective targets to deceptive artificial intelligence (AI) platforms and tricking them into clicking on purported meeting links within these sites.
Many Web3 developers operate as freelancers or work across multiple decentralized projects, making them harder to protect with traditional enterprise security controls.
Read at The Hacker News