EncryptHub Phishes Web3 Developers with Fake AI Platforms to Install Crypto-Stealing Malware

The financially motivated threat group EncryptHub (aka LARVA‑208/Water Gamayun) is targeting Web3 developers via spoofed AI platforms like "Norlax AI" and "Teampilot." Using fake job offers or portfolio reviews, attackers lure victims into downloading malicious software disguised as audio drivers. This triggers the installation of Fickle Stealer, which harvests cryptocurrency wallets, dev credentials, and project data for exfiltration. Developers should use endpoint protection and authenticity.

Categories

EncryptHub Phishes Web3 Developers with Fake AI Platforms to Install Crypto-Stealing Malware

Also Read

Trump Softens China Stance—Lifts Nvidia H20 Ban, Leaving Hawks Sidelined

Microsoft Warns of Zero-Day Attacks on SharePoint Servers; Urges Immediate Patch

India’s Electronics Gate Opens for China, But Only With JVs and Tech Transfer

7‑Zip Flaw in RAR5 Decoder Lets Hackers Crash Systems via Denial‑of‑Service

EncryptHub Phishes Web3 Developers with Fake AI Platforms to Install Crypto-Stealing Malware

Cybersecurity Must Join Digital Trade: Karanvir Singh Urges Protections for MSMEs at WSIS+20

Microsoft Expands Copilot Vision to Scan Entire Windows Desktop for Real-Time AI Assistance

Trump to Resolve “Crypto Week” Deadlock After House GOP Rifts

Sarvam AI To Open-Source IndiaAI Mission Models To Boost Local AI Innovation

Subscribe To Our Newsletter.