Signal
Reports flag North Korea-linked malware campaigns targeting crypto firms
Published 2026-02-10 22:17 UTC. Updated 2026-02-11 12:22 UTC.
security, malware, cybercrime, crypto_theft, social_engineering, macos
Evidence trail (top sources)
Top sources (2 domains). Domains are deduped. Counts indicate coverage, not truth. 2 top sources shown.
Limited source diversity in top sources.
Overview
Security reporting converges on a North Korea-linked malware push aimed at cryptocurrency-sector targets. The coverage highlights tailored social-engineering delivery methods (including AI-generated video and the “ClickFix” technique) and notes that Google Cloud’s Mandiant has tracked the suspected actors over multiple years, with AI described as helping scale activity more recently.
Entities
Google Cloud, Mandiant
- Score total: 0.98
- Momentum 24h: 2
- Posts: 2
- Origins: 2
- Source types: 1
- Duplicate ratio: 0%
Why now
- New reporting highlights updated tactics like AI-generated video and ClickFix
- Google Cloud/Mandiant tracking is being cited in current coverage
- Cluster activity is recent, with multiple outlets flagging the same campaign theme
Why it matters
- Malware campaigns can directly lead to crypto theft and operational disruption
- macOS targeting broadens the threat surface for crypto teams and executives
- AI-assisted social engineering may increase attack volume and believability
LLM analysis
Topic mix: low. Promo risk: low. Source quality: medium.
Recurring claims
- North Korea-linked actors are using social engineering and malware to target the cryptocurrency sector, including macOS-focused delivery.
How sources frame it
- BleepingComputer: neutral
- Cointelegraph: neutral
Two-source cluster on North Korea-linked malware targeting crypto/fintech, with emphasis on macOS/Windows delivery tactics and Google Cloud/Mandiant tracking.
All evidence
Google Cloud flags North Korea-linked crypto malware campaign
Cointelegraph · cointelegraph.com · 2026-02-11 12:22 UTC
North Korean hackers use new macOS malware in crypto-theft attacks
BleepingComputer · bleepingcomputer.com · 2026-02-10 22:17 UTC
Posts loaded: 0. Publishers: 2. Origin domains: 2. Duplicates: -
Top publishers (this list)
- Cointelegraph (1)
- BleepingComputer (1)
Top origin domains (this list)
- cointelegraph.com (1)
- bleepingcomputer.com (1)