TZUTC: -0500   
   MSGID: 2059.consprcy@1:2320/105 2dde10c3   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   More AI malware has been found - and this time, crypto developers are under   
   attack   
      
   Date:   
   Mon, 26 Jan 2026 16:45:00 +0000   
      
   Description:   
   KONNI is using AI-generated backdoors to target crypto bros - and security   
   pros should pay attention.   
      
   FULL STORY   
      
   Security researchers have found more malware being developed with the help of   
   Gen AI, as the use of AI tools in cybercrime moves from theory into practice,   
   and that defenders should also start integrating AI into their tech stack.    
      
   Security outfit Check Point Research (CPR) has detailed KONNI , a known North   
   Korean state-sponsored threat actor that has been around for more than a   
   decade.    
      
   According to CPR, KONNI is known for targeting South Korean politicians,   
   diplomats, academics, and other similar targets. However, after more than a   
   decade of chasing after political and diplomatic targets, KONNI shifted its   
   attention towards software developers - specifically, blockchain and crypto   
   developers.   
      
   AI-generated PowerShell backdoor    
      
   CPR says that in the latest campaign, KONNI was mailing IT technicians with   
   highly convincing phishing lures, attempting to access cloud infrastructure,   
   source code repositories, APIs, and blockchain-related credentials.    
      
   Those that took the bait deployed an AI-generated PowerShell backdoor that   
   granted the attackers access to their computers, and through it, to all of    
   the secrets stored there.    
      
   A defining aspect of this campaign is the deployment of an AI-generated   
   PowerShell backdoor, demonstrating how artificial intelligence is    
   accelerating malware development and deployment, CPR said in its report.    
      
   Rather than introducing entirely new attack techniques, AI enables faster   
   iteration, easier customization, and greater flexibility.    
      
   The report also stresses that this means cybersecurity professionals will    
   have to change, or evolve, their approach, as well. AI-generated malware can   
   change faster and to a greater extent, evading traditional, signature-based   
   detection with ease.    
      
   Organizations should treat development environments as high-value targets,    
   CPR concludes. To defend, they should first strengthen phishing prevention   
   across collaboration and developer workflows. After that, they should protect   
   development and cloud environments with strong access controls and finally,   
   use AI-driven threat prevention to block unseen malware early in the attack   
   chain.    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/more-ai-malware-has-been-found-this-tim   
   e-targeting-crypto-developers   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: Capitol City Online (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426