Cybersecurity researchers at CloudSEK have exposed an attack campaign targeting aspiring hackers. The operation involves a weaponized version of the XWorm Remote Access Trojan (RAT) builder, primarily distributed through GitHub and other online platforms. The malware, once installed, performs harmful activities including data exfiltration, remote command execution, and File encryption for ransomware operations. The campaign has compromised over 18,459 devices worldwide, particularly in Russia, the US, India, Ukraine, and Turkey.

North Korean Hackers Use Fake U.S. Companies to Spread Malware in Crypto Industry: Report
North Korean hackers reportedly set up shell companies in the US to penetrate the crypto sector and target developers via fake job offers, according to