Guavy AI Editorial Team

'HexagonalRodent': North Korea-Backed Group Uses AI to Steal Millions in Web3 Assets

According to a recent report from network security firm Expel, 'HexagonalRodent' is an advanced persistent threat (APT) group believed to be supported by North Korea. The group has been active for several months, with its primary target being Web3 developers.

The attackers use AI-generated tools and fake company websites to lure their victims into completing 'skills tests' that contain malicious code. Once the victim opens the project folder in VSCode, the malware executes automatically, giving the attackers remote access to and control over the victim's system.
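A pre-open check for the behaviour described above, as an added example that is not from the Expel report or this article. The article does not name the auto-execution mechanism; this sketch assumes VS Code's automatic tasks (a `.vscode/tasks.json` entry with `runOptions.runOn` set to `folderOpen`), and the sample file and function names are constructed for illustration.

```python
import json
import os
import re

# Constructed sample tasks.json, not taken from any real campaign.
SAMPLE = '''{
  // VS Code task files are JSONC, so comments are allowed
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "npm run build"},
    {"label": "env-check", "type": "shell", "command": "node ./scripts/setup.js",
     "runOptions": {"runOn": "folderOpen"}}
  ]
}'''

# Match string literals first so "//" inside a string is never treated as a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

def strip_jsonc(text):
    """Drop // and /* */ comments that sit outside string literals."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text)

def auto_run_tasks(tasks_json_text):
    """Return (label, command) for every task configured to run on folder open."""
    doc = json.loads(strip_jsonc(tasks_json_text))
    return [(t.get("label", "<unlabelled>"), t.get("command", ""))
            for t in doc.get("tasks", [])
            if t.get("runOptions", {}).get("runOn") == "folderOpen"]

def audit_project(root):
    """Scan a checkout from outside the editor; list (path, label, command)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) != ".vscode" or "tasks.json" not in files:
            continue
        path = os.path.join(dirpath, "tasks.json")
        try:
            with open(path, encoding="utf-8") as fh:
                hits = auto_run_tasks(fh.read())
        except (ValueError, AttributeError, OSError) as exc:
            # Anything we cannot parse is surfaced rather than silently skipped.
            hits = [("<unparseable, review by hand>", str(exc))]
        findings += [(path, label, cmd) for label, cmd in hits]
    return findings

if __name__ == "__main__":
    for label, cmd in auto_run_tasks(SAMPLE):
        print(f"auto-run task {label!r}: {cmd}")
```

Run `audit_project` on a downloaded 'skills test' before opening the folder in the editor. VS Code's Workspace Trust Restricted Mode also keeps tasks from running in folders that have not been trusted.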

The group has used various malware, including BeaverTail, OtterCookie, and InvisibleFerret, with capabilities such as password theft, reverse shells, and remote execution. What sets 'HexagonalRodent' apart is its extensive use of AI-generated tools to develop malware, create fake company websites, and even register shell companies in Mexico to increase the credibility of its attacks.