HexagonalRodent Targets Web3 Developers with Social Engineering Attacks
Severity: High (Score: 72.5)
Sources: Chaincatcher, Kucoin
Summary
The Lazarus Group's HexagonalRodent faction is targeting Web3 developers using social engineering tactics, including fake job offers for high-paying remote positions and recruitment for well-known projects. These tactics aim to trick developers into executing malicious code, resulting in the theft of cryptocurrency assets. On March 9, 2026, a user, impersonating a fast-draft extension developer, was infected with the OtterCookie malware, which facilitated the distribution of additional malicious software. Attackers are leveraging tools like ChatGPT and Cursor to enhance their deception and impersonation efforts. The ongoing campaign poses a significant risk to Web3 developers and their assets. Security firms like Slow Fog and SlowMist have issued warnings about these attacks, highlighting the need for vigilance among developers.
Key Points:
- HexagonalRodent is using social engineering to target Web3 developers.
- The OtterCookie malware was used in a notable infection case on March 9, 2026.
- Attackers are employing advanced tools like ChatGPT and Cursor to execute their schemes.
Key Entities
- HexagonalRodent (apt_group)
- Lazarus Group (apt_group)
- Malware (attack_type)
- Phishing (attack_type)
- North Korea (country)
- OtterCookie (malware)
- ChatGPT (platform)
- Cursor (company)