North Korean hacker BlueNoroff targets crypto firms with new malware
From cointelegraph by Vince Quill
NEWSCOINTELEGRAPH IN YOUR SOCIAL FEED Follow our Subscribe on
BlueNoroff, the notorious North Korean hacking group behind a series of phishing and cybersecurity attacks since 2019, is now targeting cryptocurrency firms with a new malware designed specifically to infiltrate Apple’s macOS.
According to a report from SentinelLabs, the malware operation nicknamed “Hidden Risk” is spread through PDF files in multiple stages. The threat actors use fake news headlines and legitimate crypto market research to lure in unsuspecting individuals and companies.
Once the user downloads the PDF file, a seemingly legitimate decoy PDF is downloaded and opened, while the malware downloads as a separate file on the macOS desktop in the background.
This malware package contains a number of functions designed to give the hackers a backdoor to remotely access a victim’s computer to steal sensitive information, including private keys for digital asset wallets and platforms.
A map of the BlueNoroff exploit. Source: SentinelLabs
Related: Lazarus Group exploited Chrome vulnerability with fake NFT game
FBI issues warning about North Korean hackers
The United States Federal Bureau of Investigation (FBI) has issued several warnings about BlueNoroff, the broader Lazarus hacking group, and other malicious actors with ties to the North Korean regime over the past several years.
In April 2022, the law enforcement agency and the Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm and advised crypto firms to take precautionary steps to mitigate the risks posed by the state-sanctioned hacking groups.
Following the warning, BlueNoroff initiated another phishing campaign in December 2022 targeting companies and banks . The threat actors created more than 70 fraudulent domain names designed to disguise the hackers as legitimate venture capital firms to gain access to the target victim’s computers and steal funds.
More recently, in September 2024, the FBI revealed that the Lazarus Group was once again using social engineering schemes to steal crypto . The FBI explained that the hackers targeted employees on centralized exchanges and decentralized finance firms with fraudulent job offers.
The goal of the phishing operation was to build relationships with the target victims and foster trust. Once sufficient trust was established, the victims were directed to click a malicious link posing as employment tests and applications, which compromised their systems and drained any desktop wallets of funds.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
2024 Crypto Developer Report SummaryExecutive Summary
Digital Veblen Goods and Fees
Musings on the Future of Actually Smart Wallets
Bitwise CIO: Биткойн может достичь $200 000 без краха доллара