North Korean hacker BlueNoroff targets crypto firms with new malware
BlueNoroff, the infamous North Korean hacker group responsible for a string of phishing and cybersecurity attacks since 2019, is targeting crypto firms with a new malware that attacks MacOS computers.
According to a report from SentinelLabs, the malware operation nicknamed “Hidden Risk” is spread through PDF files in multiple stages. The threat actors use fake news headlines and legitimate crypto market research to lure in unsuspecting individuals and companies.
Once the user downloads the PDF file, a seemingly legitimate decoy PDF is downloaded and opened, while the malware downloads as a separate file on the MacOS desktop in the background.
This malware package contains a number of functions designed to give the hackers a backdoor to remotely access a victim’s computer to steal sensitive information, including private keys for digital asset wallets and platforms.
A map of the BlueNoroff exploit. Source: SentinelLabs
Related: Lazarus Group exploited Chrome vulnerability with fake NFT game
FBI issues warning about North Korean hackers
The United States Federal Bureau of Investigation (FBI) has issued several warnings about BlueNoroff, the broader Lazarus hacking group, and other malicious actors with ties to the North Korean regime over the past several years.
In April 2022, the law enforcement agency and the Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm and advised crypto firms to take precautionary steps to mitigate the risks posed by the state-sanctioned hacking groups.
Following the warning, BlueNoroff initiated another phishing campaign in December 2022 targeting companies and banks . The threat actors created more than 70 fraudulent domain names designed to disguise the hackers as legitimate venture capital firms to gain access to the target victim’s computers and steal funds.
More recently, in September 2024, the FBI revealed that the Lazarus Group was once again using social engineering schemes to steal crypto . The FBI explained that the hackers targeted employees on centralized exchanges and decentralized finance firms with fraudulent job offers.
The goal of the phishing operation was to build relationships with the target victims and foster trust. Once sufficient trust was established, the victims were directed to click a malicious link posing as employment tests and applications, which compromised their systems and drained any desktop wallets of funds.
Asia Express: India mulls new crypto ban to support CBDC, Lazarus Group strikes again
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
SEC Sues a Cryptocurrency Company for More Than $100 Million in Alleged Fraud
The SEC has filed a lawsuit against a cryptocurrency company for allegedly committing a $115 million fraud, according to the latest information.
Tether Expands USDT Reserves, Issuing 1 Billion New Tokens
Alibaba’s newest AI model QwQ-32B-Preview outshines OpenAI’s o1 in some benchmarks
Share link:In this post: Alibaba’s model surpassed OpenAI in benchmarks like AIME and MATH. The model could be a step towards reasoning AI. However, the model has its limitations too.
HYPE token surges 63% after a billion-dollar airdrop
Share link:In this post: HYPE token value has risen by 60% in 12 hours following recent airdrops. Airdrops are meant to promote new tokens or to appreciate early adopters. Hyperliquid’s airdrop is the largest in the history of the DeFi protocol.