EncryptHub Deploys Fickle Stealer Malware via Fake AI Platforms to Target Web3 Developers

TL;DR

The financially motivated threat actor EncryptHub is targeting Web3 developers with information-stealing malware through fake AI platforms. The campaign uses job offers and portfolio review requests to lure victims.

EncryptHub’s New Campaign Targets Web3 Developers

The financially motivated threat actor known as EncryptHub (also identified as LARVA-208 and Water Gamayun) has launched a new campaign targeting Web3 developers. This sophisticated campaign aims to infect victims with information-stealing malware.

Tactics and Methods

EncryptHub has evolved its tactics, utilizing fake AI platforms such as Norlax AI, which mimics legitimate services like Teampilot. These platforms are used to entice victims with job offers or requests for portfolio reviews. This deceptive approach exploits the trust and interest of Web3 developers, making them vulnerable to malware attacks.

Impact and Implications

The use of fake AI platforms to distribute malware highlights a concerning trend in cybersecurity. As AI becomes more integrated into various industries, threat actors are leveraging its popularity to carry out malicious activities. Web3 developers, in particular, are at risk due to their involvement in cutting-edge technologies that often handle sensitive information.

Preventive Measures

To safeguard against such threats, developers should exercise caution when engaging with unfamiliar platforms or job offers. Verifying the authenticity of AI services and being wary of unsolicited requests can significantly reduce the risk of falling victim to malware attacks.

Conclusion

The EncryptHub campaign serves as a reminder of the evolving landscape of cyber threats. As technology advances, so do the methods used by cybercriminals. Staying informed and vigilant is crucial for protecting against these emerging threats [1].

References

  1. The Hacker News (2025). “EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware”. The Hacker News. Retrieved 2025-07-20.

This post is licensed under CC BY 4.0 by the author.