Lazarus Hides Malware Loaders in Git Hooks During Developer-Targeting Attacks on May 9

According to OpenSourceMalware research, the North Korean hacking group Lazarus hid second-stage loaders in Git pre-commit hook scripts during developer-targeting attacks on May 9. The group used the technique in campaigns including ‘Infectious Interview,’ where it posed as cryptocurrency and DeFi recruiters to trick developers into cloning malicious code repositories, ultimately aiming to steal crypto assets and credentials.
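
For defenders, a hook audit is a quick check to run on a repository received from an unknown party before committing in it. The following is an added example, not code from the OpenSourceMalware report: it lists every active hook (not only pre-commit) in a working tree, notes whether the repository's own config redirects the hooks directory through `core.hooksPath`, and flags a few constructed heuristic patterns. The function names, patterns and sample repository are assumptions made for illustration.

```python
import re
import stat
import tempfile
from pathlib import Path

# Constructed heuristics (assumptions, not indicators from the report): strings
# that often mark a hook fetching, decoding or evaluating further code.
SUSPICIOUS = [rb"\b(curl|wget)\b", rb"base64\s+(-d|--decode)", rb"\beval\b"]
HOOKS_PATH = re.compile(r"^\s*hookspath\s*=\s*(.+?)\s*$", re.I | re.M)

def hooks_dir(repo):
    """Return (directory Git reads hooks from, True if core.hooksPath moved it).
    Only the repository's own .git/config is read, not global or system config."""
    config = repo / ".git" / "config"
    if config.is_file():
        match = HOOKS_PATH.search(config.read_text(errors="replace"))
        if match:
            return repo / match.group(1).strip('"'), True
    return repo / ".git" / "hooks", False

def audit_repo(repo):
    """List active hooks (files not ending in .sample) and heuristic matches."""
    directory, redirected = hooks_dir(Path(repo))
    findings = []
    for entry in sorted(directory.iterdir()) if directory.is_dir() else []:
        if entry.is_file() and not entry.name.endswith(".sample"):
            body = entry.read_bytes()
            findings.append({
                "hook": entry.name,
                "executable": bool(entry.stat().st_mode & stat.S_IXUSR),
                "hits": [p.decode() for p in SUSPICIOUS if re.search(p, body)],
            })
    return redirected, findings

def build_demo_repo(root):
    """Constructed sample: one active pre-commit hook and one inert .sample file."""
    hooks = Path(root) / ".git" / "hooks"
    hooks.mkdir(parents=True)
    hook = hooks / "pre-commit"
    hook.write_text('#!/bin/sh\necho "ZWNobyBoaQ==" | base64 -d | sh\n')  # decodes to: echo hi
    hook.chmod(0o755)
    (hooks / "pre-push.sample").write_text("#!/bin/sh\nexit 0\n")
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        redirected, findings = audit_repo(build_demo_repo(tmp))
        print("core.hooksPath set:", redirected)
        for item in findings:
            print(item)
```

An empty result does not prove a repository is safe, and any active hook in a freshly received repository deserves a manual read regardless of pattern matches.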
