Eternal Malware on Blockchain: This Unkillable Threat Steals Crypto, Passwords, and More
Blockchain tech promises security and forever storage. But hackers now hide malware on the blockchain that no one can delete. This new threat pulls code from chains like TRON and Aptos. It leads to a super stealer called Omnistealer. It grabs crypto wallets, passwords, and files from your device. Once there, it stays for good.
How the Attack Starts: Fake Jobs and Sneaky Code
It often begins with a job offer. Hackers message devs on LinkedIn or Upwork. They ask to run simple code from GitHub for a freelance gig. The code looks harmless. But it connects to blockchains.
First, it hits cheap chains like TRON or Aptos. These public ledgers store transactions forever. The code grabs a “pointer” from there. That points to Binance Smart Chain (BSC). BSC then loads the real malware: Omnistealer.
- Step 1: Run GitHub code from fake job.
- Step 2: Fetch pointer from TRON/Aptos.
- Step 3: Pull full malware from BSC.
- Step 4: Omnistealer infects your device.
Why blockchain? It’s public, cheap, and immutable. No delete button. As more transactions pile on, the bad code gets buried deeper. Tracking it costs time and money.
What Omnistealer Can Steal
Omnistealer is a monster. It works on over 60 crypto wallets like MetaMask and Coinbase. It hits 10+ password managers like LastPass. It grabs data from browsers like Chrome and Firefox, and even from cloud storage like Google Drive.
Results? Hackers get:
- Cryptocurrency from your wallets.
- Passwords for emails and accounts.
- Company credentials for big access.
- Files from your drives.
It does not care if data is personal or work. One run, and your whole digital life is at risk.
“It literally steals everything.” – Cybersecurity expert
Who Is Behind It? North Korean Hackers Suspected
Clues point to North Korea. IP addresses link to Vladivostok, Russia – a spot tied to DPRK ops. Crypto wallets match Lazarus Group, the group behind WannaCry, the Sony hacks, and a $1.5B Bybit theft in 2025.
A group called Contagious Interview fits too. They use fake jobs to scam crypto. Their tactics mix state hackers with freelance tricks.
Why? North Korea needs cash to dodge sanctions. Crypto theft funds weapons. Stolen logins help build fake IDs for IT workers to launder money.
Targets: Devs, Defense Firms, and Governments
Hackers hit two ways:
- Pose as recruiters: Trick South Asian devs (India leads GitHub signups and crypto use). Devs run code, spread malware to client firms.
- Pose as freelancers: Submit bad GitHub pull requests with hidden malware.
Victims: 300,000+ stolen logins. Hits include:
- US military emails and .gov accounts.
- Lockheed Martin suppliers.
- Defense and surveillance firms in India.
- Even odd ones like food delivery and adult sites – wide net.
Indian devs are prime targets: high GitHub growth, crypto love, job hunger.
Platforms like LinkedIn, Upwork, Telegram, and Discord are used for contact.
Why It’s Worse Than WannaCry
WannaCry hit 200,000 PCs in 2017. This could spread wider. It is easy to copy with AI code tools, and the blockchain hides it forever. Like a sleeper agent, the code sat dormant for years.
Extra weird finds: Hidden X-rays and rocket papers in blockchain data. Testing stealth? Spy messages? Unknown.
FBI Knows: DPRK Evolves in Web3
The US FBI is aware of DPRK targeting blockchain devs. It calls this an evolution in web3 exploits. Probes are ongoing.
How to Protect Yourself from Omnistealer
Devs and users, stay safe:
- Check jobs: Verify recruiters. Spot fakes on LinkedIn.
- Sandbox code: Run GitHub stuff in safe VMs, not on your main machine.
- Watch downloads: Even trusted sites like GitHub can hide risks.
- Use hardware wallets: Keep crypto offline.
- 2FA everywhere: And password managers with alerts.
- Scan often: Antivirus that catches info stealers.
- Update software: Patch browsers, extensions.
Companies: Vet freelancers. Train on social engineering. Monitor GitHub PRs.
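One way to act on the "sandbox code" and "monitor GitHub PRs" advice before anything is executed, shown as an added example that is not from the original article or the investigation: a triage scanner that flags source files combining a TRON, Aptos, or BSC lookup with dynamic code execution, the pattern described in the attack steps above. The hostnames and SDK names in the patterns are well-known public ones chosen as assumptions, not published indicators, and the function names and sample files are constructed for illustration.

```python
import re
from pathlib import Path

# Assumption: well-known public API/RPC hostnames and SDK names, chosen for
# illustration. They are not indicators published by the investigators.
CHAINS = {
    "tron": re.compile(r"trongrid\.io|tronweb", re.I),
    "aptos": re.compile(r"aptoslabs\.com|aptos-labs", re.I),
    "bsc": re.compile(r"bsc-dataseed|bscscan\.com", re.I),
}
# Primitives that turn fetched bytes into running code (JavaScript and Python).
EXEC = re.compile(r"\beval\s*\(|new\s+Function\s*\(|\bexec\s*\(|child_process|vm\.runIn")
SUFFIXES = {".js", ".mjs", ".cjs", ".ts", ".py", ".sh", ".json"}

def scan_text(text):
    """Return (severity, chains referenced) for one file's contents."""
    chains = sorted(name for name, rx in CHAINS.items() if rx.search(text))
    if not chains:
        return "OK", chains
    # A chain lookup next to dynamic execution matches the loader pattern.
    return ("HIGH" if EXEC.search(text) else "REVIEW"), chains

def scan_repo(root):
    """Scan source files under root, skipping .git; return {path: (severity, chains)}."""
    findings = {}
    for path in Path(root).rglob("*"):
        if ".git" in path.parts or not path.is_file() or path.suffix not in SUFFIXES:
            continue
        severity, chains = scan_text(path.read_text(errors="replace"))
        if severity != "OK":
            findings[str(path.relative_to(root))] = (severity, chains)
    return findings

# Constructed samples (not taken from any real repository).
SAMPLES = {
    "loader.js": 'const r = await fetch("https://api.trongrid.io/v1/accounts/" + a);\n'
                 'const p = await fetch("https://bsc-dataseed.binance.org", opts);\n'
                 'eval(payload);',
    "balance.js": 'const tw = new TronWeb({ fullHost: "https://api.trongrid.io" });',
    "utils.js": "module.exports = (a, b) => a + b;",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, *scan_text(text))
```

A pattern match like this is only a triage aid: obfuscated or encoded strings will pass it, so a clean result does not replace running unknown code in a VM.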
Future: More Blockchain Malware Coming
Cheap to deploy. Hard to stop. AI makes it easy for copycats. South Asian devs may lose trust and jobs. Blockchain’s strength – forever data – is now a weakness.
Investigators hunt via SE Asia Airbnbs. But hackers adapt fast.