North Korean Hackers Weaponize AI to Bypass Email Filters in Blockchain Sector Attacks
A spear-phishing campaign is slipping past email filters by abusing Google's ad click redirection, and North Korean hackers are using it to deliver AI-generated, multi-stage PowerShell backdoors to blockchain developers.
"This attack is analyzed as a case that effectively bypassed email security filtering and user vigilance through a spear-phishing attack vector that exploited the ad click redirection mechanism used within the Google advertising ecosystem," said the Genians Security Center.
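The bypass works because a scanner or a reader sees a link to a trusted ad host, while the real destination is carried inside the redirect URL. The following is an added example, not code from the Genians report or from the campaign: it unwraps such a link so the final host, not the outer one, is what gets checked. The redirector host list, the `adurl`/`url`/`q` parameter names and the sample URL are assumptions for illustration; extend the lists to match what your gateway actually sees.

```powershell
# Added example: resolve the real target of an ad-click style redirect link.
# Redirector hosts and parameter names below are assumptions, not from the report.
function Resolve-RedirectTarget {
    param(
        [Parameter(Mandatory)][string]$Url,
        [string[]]$RedirectorHosts = @('googleadservices.com', 'www.googleadservices.com', 'www.google.com'),
        [string[]]$TargetParams    = @('adurl', 'url', 'q')
    )
    $outer = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$outer)) {
        return [pscustomobject]@{ OuterHost = $Url; FinalHost = $null; Final = $null; Hops = 0; Suspicious = $false; Reason = 'unparseable' }
    }
    $final = $outer
    $hops  = 0
    # A redirector can wrap another redirector, so follow a bounded number of hops.
    while ($hops -lt 5 -and ($RedirectorHosts -contains $final.Host)) {
        $inner = $null
        foreach ($pair in ($final.Query.TrimStart('?') -split '&')) {
            $kv = $pair -split '=', 2
            if ($kv.Count -eq 2 -and ($TargetParams -contains $kv[0])) {
                $candidate = [System.Uri]::UnescapeDataString($kv[1])
                if ([System.Uri]::TryCreate($candidate, [System.UriKind]::Absolute, [ref]$inner)) { break }
                $inner = $null   # parameter present but not a URL (e.g. a search query), keep looking
            }
        }
        if (-not $inner) { break }
        $final = $inner
        $hops++
    }
    [pscustomobject]@{
        OuterHost  = $outer.Host
        FinalHost  = $final.Host
        Final      = $final.AbsoluteUri
        Hops       = $hops
        # The outer host is trusted; flag when the unwrapped destination lands somewhere else.
        Suspicious = ($hops -gt 0 -and $final.Host -ne $outer.Host)
        Reason     = if ($hops -gt 0) { 'redirect parameter unwrapped' } else { 'no redirect found' }
    }
}

# Constructed sample (not a real campaign URL): a trusted-looking ad-click link
# whose adurl parameter points to a different domain.
$sample = 'https://www.googleadservices.com/pagead/aclk?sa=L&ai=EXAMPLE&adurl=https%3A%2F%2Fexample.invalid%2Fdocs%2Fwhitepaper.pdf'
Resolve-RedirectTarget -Url $sample | Format-List
```

Run the function over every URL extracted from an inbound message and feed `FinalHost` rather than `OuterHost` to your reputation and allow-list checks; an allow-list entry for the ad host alone is exactly what this delivery trick relies on.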
Konni (also known as Earth Imp, TA406, etc.) has expanded its targeting to Japan, Australia, and India, using AI-generated PowerShell malware against blockchain developers. The latest campaign, Operation Poseidon, delivers ZIP archives hosted on Discord's CDN that contain LNK shortcuts; the shortcuts run AutoIt scripts disguised as PDFs, which in turn execute EndRAT.
The PowerShell backdoor includes anti-analysis checks, bypasses UAC via FodHelper, and adds Microsoft Defender exclusions as part of establishing persistence.
"The introduction of AI-assisted tooling suggests an effort to accelerate development and standardize code while continuing to rely on proven delivery methods and social engineering," said Check Point Research.
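Both post-exploitation steps named above leave host artefacts that are cheap to audit. The script below is an added example for defenders, not code from the backdoor or from Check Point Research: it checks for the per-user `ms-settings` handler that the FodHelper UAC bypass hijacks, lists current Defender exclusions with an eye on user-writable paths, and pulls recent Defender configuration-change events. The path regex for "user-writable" and the seven-day lookback are assumptions; event ID 5007 is Defender's configuration-change event and the `ms-settings\Shell\Open\command` key is the one FodHelper consults.

```powershell
# Added example: audit a Windows host for FodHelper UAC-bypass residue and Defender exclusions.
# Run as the user whose profile may have been hit (the hijack key is under HKCU) and elevated,
# since Defender can hide exclusion lists from non-admins.

function Get-FodHelperHijack {
    # fodhelper.exe is auto-elevated and honours this per-user handler; legitimate
    # software does not create it, so its mere presence is suspicious.
    $key = 'HKCU:\Software\Classes\ms-settings\Shell\Open\command'
    if (-not (Test-Path $key)) { return $null }
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Key             = $key
        Command         = $p.'(default)'
        DelegateExecute = $p.DelegateExecute   # typically set to an empty string by the bypass
        Suspicious      = $true
    }
}

function Get-DefenderExclusions {
    $pref = Get-MpPreference
    foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
        foreach ($value in @($pref.$kind)) {
            if (-not $value) { continue }
            [pscustomobject]@{
                Kind         = $kind
                Value        = $value
                # Assumed heuristic: droppers carve out locations they can write to without admin rights.
                UserWritable = ($value -match '\\Users\\|\\Temp\\|\\AppData\\|\\ProgramData\\')
            }
        }
    }
}

function Get-DefenderConfigChanges {
    param([int]$Days = 7)   # lookback window is an assumption; tune to retention
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5007
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Exclusions' } |
        Select-Object TimeCreated, Message
}

'== FodHelper ms-settings handler =='
$hijack = Get-FodHelperHijack
if ($hijack) { $hijack | Format-List } else { 'not present' }

'== Defender exclusions =='
Get-DefenderExclusions | Format-Table -AutoSize

'== Defender exclusion changes, last 7 days =='
Get-DefenderConfigChanges | Format-Table -Wrap
```

Treat any `ms-settings` handler under HKCU as an incident finding on its own, and correlate 5007 events with the process that made the change (Sysmon or PowerShell script-block logging) rather than with the exclusion list alone, since a clean-up step can remove the exclusion after the payload is planted.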
Other North Korea-linked campaigns include JSE scripts mimicking HWPX files, LNK-based MoonPeak RAT, and Andariel's 2025 ERP vendor compromise distributing StarshellRAT, JelusRAT, and GopherRAT. These campaigns share common tactics like social engineering and multi-stage payloads but differ in their specific delivery mechanisms and target industries.