More AI malware has been found - and this time, crypto developers are under attack
KONNI is using AI-generated backdoors to target crypto bros
- KONNI uses AI-generated malware, shifting focus to blockchain and crypto developers
- Phishing lures delivered AI-generated PowerShell backdoor, enabling access to sensitive developer environments
- CPR urges AI-driven defenses, stronger phishing prevention, and stricter cloud access controls
Security researchers have found more malware developed with the help of generative AI, as the use of AI tools in cybercrime moves from theory into practice, and they say defenders should also start integrating AI into their own tech stacks.
Security outfit Check Point Research (CPR) has detailed KONNI, a known North Korean state-sponsored threat actor that has been around for more than a decade.
According to CPR, KONNI is known for targeting South Korean politicians, diplomats, academics, and other similar targets. However, after more than a decade of chasing after political and diplomatic targets, KONNI shifted its attention towards software developers - specifically, blockchain and crypto developers.
AI-generated PowerShell backdoor
CPR says that in the latest campaign, KONNI was mailing IT technicians with highly convincing phishing lures, attempting to access cloud infrastructure, source code repositories, APIs, and blockchain-related credentials.
Those who took the bait ended up running an AI-generated PowerShell backdoor that granted the attackers access to their computers and, through them, to all of the secrets stored there.
“A defining aspect of this campaign is the deployment of an AI-generated PowerShell backdoor, demonstrating how artificial intelligence is accelerating malware development and deployment,” CPR said in its report.
“Rather than introducing entirely new attack techniques, AI enables faster iteration, easier customization, and greater flexibility.”
The report also stresses that this means cybersecurity professionals will have to change, or evolve, their approach as well. AI-generated malware can be modified faster and more extensively than hand-written code, evading traditional, signature-based detection with ease.
“Organizations should treat development environments as high-value targets,” CPR concludes. To defend, organizations should first strengthen phishing prevention across collaboration and developer workflows. After that, they should protect development and cloud environments with strong access controls, and finally, use AI-driven threat prevention to block previously unseen malware early in the attack chain.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.