A threat actor known as EncryptHub is targeting Web3 developers, using fake AI platforms to deploy information-stealer malware and harvest sensitive data. This evolution in tactics highlights the increasing sophistication of cyberattacks aimed at cryptocurrency and decentralized project communities. #EncryptHub #FickleStealer
Key points
- EncryptHub uses fake AI platforms like Norlax AI to trick Web3 developers into clicking malicious links.
- Attackers send meeting links via social media and messaging platforms under false pretenses of job interviews or portfolio reviews.
- Malicious downloads masquerade as audio drivers and deploy stealer malware to exfiltrate crypto wallets and credentials.
- The malware targets decentralized developers managing sensitive crypto and project data for quick monetization.
- New ransomware families KAWA4096 and Crux utilize sophisticated encryption and legitimate Windows tools to evade detection.
Read More: https://thehackernews.com/2025/07/encrypthub-targets-web3-developers.html