Cybersecurity firm Expel says a North Korea-linked group used AI to build malware and fake job sites, targeting crypto developers and stealing up to $12M.
In short: A cybersecurity firm says a North Korea-linked hacking group used everyday AI tools to run a large crypto theft campaign, stealing up to $12 million in three months.
Expel, a cybersecurity company, reported that a group it calls HexagonalRodent installed password-stealing malware on more than 2,000 computers. Malware is harmful software that sneaks onto a device, like a hidden keylogger that records what you type.
The targets were people building small cryptocurrency projects, NFTs, and other crypto apps. The hackers reportedly used fake job offers to lure victims. They created realistic company websites and then sent an infected “coding test” file; once opened, it helped them steal logins and other access.
Researchers say AI tools helped the group do almost every step, including writing the malware code and building the fake websites. The report and outside researchers described the group as not very skilled, but able to move faster by leaning on AI. It is similar to giving a beginner a set of templates and step by step instructions, then asking them to copy and paste until it works.
One reason investigators noticed the AI involvement is that the malware code had unusual clues, like lots of English comments and even emojis. The hackers also left some of their setup exposed online, including prompts that appeared to show they used tools like ChatGPT and Cursor.
This case suggests a near-term risk is not “super hacker AI,” but regular criminals using AI to do routine work at scale. People working independently, like small crypto developers, may be easier targets if they do not have business-grade security tools installed.
Source: Wired