Crypto firms targeted in fake interviews, malware spreads via AI chatbots


A new cyberattack group targeted crypto companies via fake job interviews and macOS malware, alongside GPU hidden miners spread through search spam and AI chatbots. Major cybersecurity firms disrupted a developer-targeting network.

Security researchers have uncovered a wave of targeted attacks on cryptocurrency companies leveraging deceptive tactics and advanced malware strains. One emerging threat involves a cybercriminal group conducting fake job interviews to infiltrate organizations, deploying macOS-specific malicious software to avoid detection.

Unlike typical phishing scams, these operations use carefully crafted hiring conversations to gain initial access before escalating privileges within firms. The malware deployed on Apple devices appears engineered for stealth, exploiting vulnerabilities unique to the macOS environment. This raises new concerns since attackers traditionally focus on Windows systems, leaving Mac users increasingly vulnerable.

In a separate development, hidden GPU cryptominers have been spreading through Google search spam and manipulative AI chatbots designed to engage users. By embedding mining code in seemingly innocuous links or chatbot interactions, threat actors turn unsuspecting clicks into aggressive coin mining on visitors' hardware. The covert nature of this method complicates detection and mitigation efforts.

Meanwhile, a vigilante hacker was expelled from GitHub and GitLab following the release of Microsoft zero-day exploit code. The hacker’s brief tenure on these platforms raises debate over responsible disclosure versus reckless vulnerability broadcasting. Both hosts faced significant pressure to remove the actor amid fears that public exploit details could fuel widespread attacks while systems remain unpatched.

On the defensive front, cybersecurity giants CrowdStrike and Google collaborated to dismantle a botnet targeting open-source protocol developers. By infiltrating this network, they disrupted attackers attempting to compromise critical decentralized infrastructure components, which underpin large swaths of the crypto ecosystem. This takedown highlights ongoing threats to open-source contributors and the multi-layered defense needed in decentralized finance environments.

Traders and infrastructure operators should monitor official channels for patch updates, particularly those related to macOS malware and Microsoft zero-days. The rapid innovation of attack vectors, including AI-powered delivery, requires heightened vigilance as threat actors adapt swiftly. With crypto networks increasingly intertwined with open-source projects and diverse devices, the attack surface broadens, intensifying risks for key participants in the ecosystem.
