Non Cult Crypto News

Non Cult Crypto News

in

North Korean hacker BlueNoroff targets crypto firms with new malware

According to cybersecurity firm Recorded Future, North Korean hacker groups have stolen approximately $3 billion in funds since 2017.

COINTELEGRAPH IN YOUR SOCIAL FEED

BlueNoroff — the infamous North Korean hacker group responsible for a string of phishing and cybersecurity attacks since 2019 — is targeting crypto firms with a new malware that attacks MacOS computers.

According to a report from SentinelLabs, the malware operation nicknamed “Hidden Risk” is spread through PDF files in multiple stages. The threat actors use fake news headlines and legitimate crypto market research to lure in unsuspecting individuals and companies.

Once the user downloads the PDF file, a seemingly legitimate decoy PDF is downloaded and opened, while the malware downloads as a separate file on the MacOS desktop in the background.

This malware package contains a number of functions designed to give the hackers a backdoor to remotely access a victim’s computer to steal sensitive information including private keys for digital asset wallets and platforms.

A map of the BlueNoroff exploit. Source: SentinelLabs

Related: Lazarus Group exploited Chrome vulnerability with fake NFT game

FBI issues warning about North Korean hackers

The United States Federal Bureau of Investigation (FBI) issued several warnings about BlueNoroff, the broader Lazarus hacking group, and other malicious actors with ties to the North Korean regime over the past several years.

In April 2022, the law enforcement agency and the Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm and advised crypto firms to take precautionary steps to mitigate the risks posed by the state-sanctioned hacking groups.

Following the warning, BlueNoroff initiated another phishing campaign in December 2022 targeting companies and banks. The threat actors created more than 70 fraudulent domain names designed to disguise the hackers as legitimate venture capital firms to gain access to the target victim’s computers and steal funds.

More recently, in September 2024, the FBI revealed that the Lazarus Group was once again using social engineering schemes to steal crypto. The FBI explained that the hackers targeted employees at centralized exchanges and decentralized finance firms with fraudulent job offers.

The goal of the phishing operation was to build relationships with the target victims and foster trust. Once sufficient trust was established, the victims were directed to click a malicious link posing as employment tests and applications, which compromised their systems and drained any desktop wallets of funds.

Magazine: India mulls new crypto ban to support CBDC, Lazarus Group strikes again: Asia Express

This article first appeared at Cointelegraph.com News

What do you think?

Written by Outside Source

SEC delays decision on NYSE options for spot Ethereum ETFs

Tether helps Canadian police recover stolen crypto

Back to Top

Ad Blocker Detected!

We've detected an Ad Blocker on your system. Please consider disabling it for Non Cult Crypto News.

How to disable? Refresh

Log In

Or with username:

Forgot password?

Don't have an account? Register

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

To use social login you have to agree with the storage and handling of your data by this website.

Add to Collection

No Collections

Here you'll find all collections you've created before.