North Korean-linked job scam steals crypto credentials

A Serbian web developer was targeted by a sophisticated recruitment scam posing as a blockchain firm called Genusix Labs. The multi-stage attack featured convincing deepfake actors on Zoom calls and a malicious coding test that deployed a backdoor, exfiltrating 634 Chrome passwords, macOS keychain data, and MetaMask wallet credentials within 56 seconds. Blockchain intelligence firm zeroShadow attributes the campaign to North Korean state-linked actors, noting tactical and code overlap with a prior $40 million cryptocurrency heist.