Slow Fog: HexagonalRodent is targeting Web3 developers with attacks

The Chief Information Security Officer of Slow Fog, 23pds, tweeted that HexagonalRodent, a subsidiary of the Lazarus Group, is targeting Web3 developers through social engineering tactics such as "high-paying remote positions" and "recruitment for well-known projects" to induce the execution of malicious code, ultimately stealing users' cryptocurrency assets.

On March 9, 2026, a user with the same name as a fast-draft extension developer was infected with the OtterCookie malware, which was used to distribute malicious programs. Attackers extensively used ChatGPT and Cursor to assist in executing the attacks, further enhancing the disguise and deception.