Mitrade Insights is dedicated to providing investors with rich, timely and most valuable financial information to help investors grasp the market situation and find timely trading opportunities.

2021

Best News & Analysis Provider

FxDailyInfo

2022

Best Forex Educational Resources Global

International Business Magazine

Insights

News

Cryptocurrencies

Konni hackers target blockchain engineers with AI malware

Source Cryptopolitan

North Korean hacking group Konni is now targeting blockchain engineers with artificial intelligence-generated malware. According to reports, the hacker group is now deploying the AI-generated PowerShell malware, using it to target developers and engineers in the blockchain industry.

The North Korean hacker group is believed to have been in operation since at least 2014 and is associated with APT37 and Kimusky activity clusters. The group has targeted organizations spread across South Korea, Ukraine, Russia, and several other European countries. According to the threat sample analyzed by CheckPoint researchers, the North Korean group’s latest campaign is targeted towards the Asian Pacific region.

North Korean Konni group deploys AI-generated malware

In the report, the researchers claimed that the malware was submitted by users who found it in Japan, India, and Australia. The attack begins with the victim receiving a Discord link that delivers a ZIP archive containing a PDF lure and a malicious LNK shortcut file. The LNK runs an embedded PowerShell loader that extracts a DOCX document and a CAB archive that contains a PowerShell backdoor, two batch files, and a UAC bypass executable.

After the shortcut file is launched, the DOCX opens and executes a batch file included in the cabinet file. The lure DOCX document shows that the hacker wants to compromise the development environment, which could provide them with access to sensitive assets, including infrastructure, API credentials, wallet access, and finally digital asset holdings. The first batch file creates a staging directory for the backdoor and the second batch file.

In addition, it also creates an hourly scheduled task that mimics the startup task of OneDrive. The task reads an XOR-encrypted PowerShell script from disk and decrypts it for in-memory execution. After completing all these steps, it then deletes itself to wipe all the signs of an infection. The PowerShell backdoor heavily masks its origin using arithmetic-based string encoding, runtime string reconstruction, and the execution of the final logic using “Invoked-Expression.”

According to the researchers, the PowerShell malware indicates the presence of an AI-assisted development rather than traditionally authored malware. The evidence showing this includes the clear and structured documentation at the top of the script, which is very unusual for malware development. In addition, it has a clean and modular layout, and the presence of a “# <– your permanent project UUID” comment in the file. CheckPoint noted that this phrasing shows signs of an LLM-generated code by the North Korean hackers.

CheckPoint researchers give details on the malware

The researchers explained that the phrasing also shows that the model instructs a human user on how to customize the placeholder value. They said such comments are commonly seen in AI-generated scripts and tutorials. Before execution, the malware performs a hardware, software, and user activity check to ensure that it is not running in analysis environments. Once that is determined, it then generates a unique host ID. After that, it follows a specified path of action.

Once the backdoor is fully activated and running on the infected device, the malware contacts the command-and-control (C2) server periodically to send host metadata and polls the server at random intervals. If the C2 contains a PowerShell code, it turns into a script block and carries out its activities using background jobs. CheckPoint noted that these attacks can be attributed to the North Korean Konni threat actor based on the earlier launcher format and lure name.

In addition, the researchers claimed that aside from having the same script name overlap, there are other common elements in the execution chain structure with earlier attacks. The researchers have also published indicators of compromise associated with this recent campaign to help defenders recognize when they have been attacked by the North Korean Konni campaign so they can protect their assets.

The smartest crypto minds already read our newsletter. Want in? Join them.

Disclaimer: For information purposes only. Past performance is not indicative of future results.

Recommended Articles

Bitcoin To Anchor America Party—’Fiat Is Hopeless,’ Says Elon Musk Musk Pitches Bitcoin As Pillar Of America Party

Author Bitcoinist

Jul 07, 2025

Musk Pitches Bitcoin As Pillar Of America Party

Bitcoin briefly loses 2025 gains as crypto plunges over the weekend.Bitcoin experienced a sharp decline this weekend, briefly erasing its 2025 gains and dipping below its year-opening value of $93,507. The cryptocurrency fell to a low of $93,029 on Sunday, representing a 25% drop from its all-time high in October. Although it has rebounded slightly to around $94,209, the pressures on the market remain significant. The downturn occurred despite the reopening of the U.S. government on Thursday, which many had hoped would provide essential support for crypto markets. This year initially appeared promising for cryptocurrencies, particularly after the inauguration of President Donald Trump, who has established the most pro-crypto administration thus far. However, ongoing political tensions—including Trump's tariff strategies and the recent government shutdown, lasting a historic 43 days—have contributed to several rapid price pullbacks for Bitcoin throughout the year. Market dynamics are also being influenced by Bitcoin whales—investors holding large amounts of Bitcoin—who have been offloading portions of their assets, consequently stalling price rallies even as positive regulatory developments emerge. Despite these sell-offs, analysts from Glassnode argue that this behavior aligns with typical patterns seen among long-term investors during the concluding stages of bull markets, suggesting it is not indicative of a mass exodus. Notably, Bitcoin is not alone in its struggles, as Ethereum and Solana have also recorded declines of 7.95% and 28.3%, respectively, since the start of the year, while numerous altcoins have faced even steeper losses. Looking ahead, questions linger regarding the viability of the four-year cycle thesis, particularly given the increasing institutional support and regulatory frameworks now in place in the crypto landscape. Matt Hougan, chief investment officer at Bitwise, remains optimistic, suggesting a potential Bitcoin resurgence in 2026 driven by the “debasement trade” thesis and a broader trend toward increased adoption of stablecoins, tokenization, and decentralized finance. Hougan emphasized the soundness of the underlying fundamentals, pointing to a positive outlook for the sector in the longer term.

Author Mitrade

Nov 17, 2025

Bitcoin experienced a sharp decline this weekend, briefly erasing its 2025 gains and dipping below its year-opening value of $93,507. The cryptocurrency fell to a low of $93,029 on Sunday, representing a 25% drop from its all-time high in October. Although it has rebounded slightly to around $94,209, the pressures on the market remain significant. The downturn occurred despite the reopening of the U.S. government on Thursday, which many had hoped would provide essential support for crypto markets. This year initially appeared promising for cryptocurrencies, particularly after the inauguration of President Donald Trump, who has established the most pro-crypto administration thus far. However, ongoing political tensions—including Trump's tariff strategies and the recent government shutdown, lasting a historic 43 days—have contributed to several rapid price pullbacks for Bitcoin throughout the year. Market dynamics are also being influenced by Bitcoin whales—investors holding large amounts of Bitcoin—who have been offloading portions of their assets, consequently stalling price rallies even as positive regulatory developments emerge. Despite these sell-offs, analysts from Glassnode argue that this behavior aligns with typical patterns seen among long-term investors during the concluding stages of bull markets, suggesting it is not indicative of a mass exodus. Notably, Bitcoin is not alone in its struggles, as Ethereum and Solana have also recorded declines of 7.95% and 28.3%, respectively, since the start of the year, while numerous altcoins have faced even steeper losses. Looking ahead, questions linger regarding the viability of the four-year cycle thesis, particularly given the increasing institutional support and regulatory frameworks now in place in the crypto landscape. Matt Hougan, chief investment officer at Bitwise, remains optimistic, suggesting a potential Bitcoin resurgence in 2026 driven by the “debasement trade” thesis and a broader trend toward increased adoption of stablecoins, tokenization, and decentralized finance. Hougan emphasized the soundness of the underlying fundamentals, pointing to a positive outlook for the sector in the longer term.

Gold rises on softer US Dollar, traders await Trump's address on Iran war Gold price (XAU/USD) extends the rally to near $4,775 during the early Asian session on Thursday. The precious metal surges amid a weakening US Dollar (USD) and cooling geopolitical tensions in the Middle East.

Author FXStreet

Yesterday 01: 20

Gold price (XAU/USD) extends the rally to near $4,775 during the early Asian session on Thursday. The precious metal surges amid a weakening US Dollar (USD) and cooling geopolitical tensions in the Middle East.

Silver Price Forecast: XAG/USD falls to near $72.00 amid fading safe-haven demand Silver price (XAG/USD) continues to lose ground after registering tiny losses in the previous day, trading around $72.90 during the Asian hours on Thursday. The safe-haven demand for the precious metal fades amid rising optimism over Middle East peace.

Author FXStreet

Yesterday 08: 19

Silver price (XAG/USD) continues to lose ground after registering tiny losses in the previous day, trading around $72.90 during the Asian hours on Thursday. The safe-haven demand for the precious metal fades amid rising optimism over Middle East peace.

Gold retreats sharply from two-week top/$4,800 as Trump’s Iran comments boost USD Gold (XAU/USD) witnessed an intraday turnaround from the $4,800 mark, or a fresh two-week high set earlier this Thursday, and for now, seems to have snapped a four-day winning streak amid resurgent US Dollar (USD) demand.

Author FXStreet

Yesterday 07: 03

Gold (XAU/USD) witnessed an intraday turnaround from the $4,800 mark, or a fresh two-week high set earlier this Thursday, and for now, seems to have snapped a four-day winning streak amid resurgent US Dollar (USD) demand.

Popular Symbols