North Korean Group Uses AI to Compromise Crypto Wallets via npm Package
A North Korean state-backed group, Famous Chollima, has been identified as the source of a malicious npm package, @validate-sdk/v2, which is being used to compromise cryptocurrency wallets. The package, falsely presented as a validation tool, is part of the PromptMink campaign, which has been active for seven months. The campaign uses a two-layer package strategy to deploy malware: developers are reached not through a package they install directly but through a secondary (transitive) dependency pulled in by another package. The malicious activity has evolved from data theft to more complex operations, including directory scanning and SSH key injection, and affects both Windows and Linux systems.
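Because the malicious package arrives as a transitive dependency, a direct `package.json` review will not show it. The following added example (not code from the report or from any project it names) walks a `package-lock.json` (lockfileVersion 2/3 layout) to report whether a block-listed package is installed, the dependency chain that pulled it in, and whether npm recorded an install-time lifecycle script for it. The lockfile content is a constructed sample; the block list holds only the package name from the report.

```python
import json
import sys

# Constructed sample lockfile: the app depends on "good-utils", which in turn
# declares the block-listed package, mirroring the secondary-dependency pattern.
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"good-utils": "^1.0.0"}},
        "node_modules/good-utils": {
            "version": "1.0.0",
            "dependencies": {"@validate-sdk/v2": "^2.1.0"},
        },
        "node_modules/@validate-sdk/v2": {"version": "2.1.0", "hasInstallScript": True},
    },
}

BLOCKED = {"@validate-sdk/v2"}  # package name taken from the report


def pkg_name(path: str) -> str:
    """Map a lockfile package path to its npm name, keeping scoped names intact."""
    return path.split("node_modules/")[-1].rstrip("/")


def find_blocked(lock: dict, blocked: set) -> list:
    """Return findings for each blocked package present in the lockfile."""
    installed, deps_of = {}, {}
    for path, meta in lock.get("packages", {}).items():
        name = "<root>" if path == "" else pkg_name(path)
        installed[name] = meta
        declared = set(meta.get("dependencies", {})) | set(meta.get("optionalDependencies", {}))
        deps_of.setdefault(name, set()).update(declared)
    parent, queue = {"<root>": None}, ["<root>"]  # BFS over declared edges from the root
    while queue:
        cur = queue.pop(0)
        for dep in sorted(deps_of.get(cur, ())):
            if dep not in parent:
                parent[dep] = cur
                queue.append(dep)
    findings = []
    for name in sorted(blocked & installed.keys()):
        chain, node = [], name
        while node is not None:  # walk parents back to the root to show the pull-in path
            chain.append(node)
            node = parent.get(node)
        findings.append({"package": name, "version": installed[name].get("version"),
                         "chain": chain[::-1],
                         "install_script": bool(installed[name].get("hasInstallScript"))})
    return findings


if __name__ == "__main__":
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    for f in find_blocked(lock, BLOCKED):
        print(f"{f['package']}@{f['version']} via {' -> '.join(f['chain'])}; install script: {f['install_script']}")
```

Run it against a real `package-lock.json` by passing the path as the first argument; a hit with `install_script: True` deserves the highest priority, since that is the hook that runs code at `npm install` time.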