UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency


Don't Fear the Repo: UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency | Proofpoint US


June 08, 2026

Saher Naumaan, Carlos Rubio, and the Proofpoint Threat Research Team

Key Findings

Between April and May 2026, Proofpoint Threat Research observed a likely North Korean threat actor conducting phishing campaigns that used developer-role recruitment or code-review themes against targets in close to 100 organizations in finance, cryptocurrency, education, technology, and several other sectors. Proofpoint clusters this activity under the name UNK_DeadDrop.

The infection chain begins with emails containing links to actor-controlled GitHub repositories hosting malicious scripts that result in the execution of cross-platform malware for macOS, Linux, and Windows, including an open-source Go framework named Overlord.

The campaigns abused Visual Studio Code workflows and deployed a stealthy new technique using malicious Visual Studio Extensions (VSIX) that requires minimal user interaction.

The activity has similarities to another North Korean group called Contagious Interview; however, there is no direct overlap in Proofpoint telemetry, so Proofpoint Threat Research tracks this activity as a distinct cluster.

Overview

Since at least 2022, North Korea-aligned threat actors have made a concerted effort not only to target cryptocurrency and decentralized finance organizations, but specifically to target developers using fake recruiter personas, malicious npm/PyPI packages (TraderTraitor / Jade Sleet), and trojanized cryptocurrency trading applications (AppleJeus / Citrine Sleet). These often masquerade as technical assessments or coding challenges and use techniques such as ClickFix or abuse of Visual Studio Code’s features to execute malware. Approaches often occur over LinkedIn, Slack, Telegram, or in a multi-platform manner, with a consistent aim of targeting developer assets such as API tokens, cryptocurrency wallets, and credentials.

In April and May 2026, Proofpoint Threat Research observed a new, large wave of this type of activity distinct from known DPRK operations (also...
