North Korean Hackers Target Crypto Firms with Sophisticated Mac Malware


A new cybersecurity threat has emerged, targeting cryptocurrency firms and their Mac-using employees. Suspected North Korean hackers are deploying sophisticated malware in an attempt to siphon funds from these organizations.

Cybersecurity firm SentinelOne recently uncovered a campaign dubbed "Hidden Risk," which has been active since April 2023. The attackers use phishing emails containing links to malicious applications disguised as PDF documents about cryptocurrency topics.

The emails often impersonate real individuals and claim to forward messages from well-known crypto influencers. Some of the lure titles include "Hidden Risk Behind New Surge of Bitcoin Price" and "New Era for Stablecoins and DeFi, CeFi."

When unsuspecting users click on the link, they unknowingly download a malicious application bundle. This bundle installs a backdoor on the victim's Mac, allowing the hackers to gain access to sensitive information and potentially steal cryptocurrency.
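The lure described above relies on an application bundle passing for a document. The following script is an added example, not code from the article or from SentinelOne's report: it walks a directory tree, finds `.app` bundles, and flags any whose folder name or `Info.plist` display name carries a document-style extension such as `.pdf`. The sample bundles, their `Info.plist` contents and the temporary directory are constructed here for the demonstration; the extension list is an assumption chosen for illustration.

```python
"""
Heuristic scan for macOS application bundles masquerading as documents.

Added example (not from the article or the SentinelOne report). It walks a
directory tree, finds .app bundles, and flags ones whose folder name or
Info.plist display name ends in a document extension such as ".pdf".
The sample bundles below are constructed for the demo.
"""
import os
import plistlib
import tempfile

# Document extensions an attacker might borrow to make an app look like a file
# (assumed list for the demo).
DOC_EXTENSIONS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".rtf")


def _looks_like_document(name: str) -> bool:
    return name.lower().endswith(DOC_EXTENSIONS)


def inspect_bundle(bundle_path: str) -> list:
    """Return a list of findings for one .app bundle; empty when nothing is suspicious."""
    findings = []
    stem = os.path.basename(bundle_path)[: -len(".app")]  # "Report.pdf.app" -> "Report.pdf"
    if _looks_like_document(stem):
        findings.append(f"bundle name mimics a document: {stem}.app")
    plist_path = os.path.join(bundle_path, "Contents", "Info.plist")
    if not os.path.isfile(plist_path):
        return findings + ["Info.plist missing"]
    with open(plist_path, "rb") as fh:
        try:
            info = plistlib.load(fh)
        except plistlib.InvalidFileException:
            return findings + ["Info.plist unreadable"]
    for key in ("CFBundleName", "CFBundleDisplayName"):
        value = info.get(key, "")
        if isinstance(value, str) and _looks_like_document(value):
            findings.append(f"{key} mimics a document: {value}")
    return findings


def scan_tree(root: str) -> dict:
    """Map each .app bundle under root to its findings, omitting clean bundles."""
    results = {}
    for dirpath, dirnames, _ in os.walk(root):
        for d in list(dirnames):
            if d.lower().endswith(".app"):
                full = os.path.join(dirpath, d)
                hits = inspect_bundle(full)
                if hits:
                    results[full] = hits
                dirnames.remove(d)  # do not descend into the bundle itself
    return results


def _make_bundle(root: str, name: str, info: dict) -> None:
    """Create a minimal constructed bundle skeleton with the given Info.plist."""
    contents = os.path.join(root, name, "Contents")
    os.makedirs(os.path.join(contents, "MacOS"), exist_ok=True)
    with open(os.path.join(contents, "Info.plist"), "wb") as fh:
        plistlib.dump(info, fh)


def run_demo() -> dict:
    """Build one lure-style bundle and one ordinary bundle, then scan them."""
    with tempfile.TemporaryDirectory() as root:
        _make_bundle(root, "Hidden Risk Behind New Surge of Bitcoin Price.pdf.app",
                     {"CFBundleName": "Hidden Risk Behind New Surge of Bitcoin Price.pdf",
                      "CFBundleExecutable": "launcher"})
        _make_bundle(root, "Calculator.app",
                     {"CFBundleName": "Calculator", "CFBundleExecutable": "Calculator"})
        hits = scan_tree(root)
        # Key by bundle name so the result does not depend on the temp path.
        return {os.path.basename(k): v for k, v in hits.items()}


if __name__ == "__main__":
    for bundle, findings in run_demo().items():
        print(bundle)
        for finding in findings:
            print("  -", finding)
```

Run it against a user's Downloads folder to surface bundles that would render with a document-like name in Finder; a hit is a reason to check the bundle's code signature and notarization ticket before it is opened, not proof of compromise on its own.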

The campaign has been linked to BlueNoroff, a subgroup of the notorious North Korean government hacker group Lazarus. BlueNoroff is known for its focus on financial institutions and cryptocurrency-related targets.

One concerning aspect of this campaign is the hackers' ability to acquire or hijack valid Apple "identified developer" accounts. This allows them to have their malware notarized by Apple, bypassing important security features on Mac devices.

The attackers have also built an extensive network of infrastructure mimicking legitimate Web3, cryptocurrency, fintech, and investment organizations. They have been abusing domain registrar NameCheap to create malicious sites and using email marketing tools to evade spam and phishing detection.

This campaign underscores the ongoing threat posed by state-sponsored hacking groups to the cryptocurrency industry. It serves as a reminder for crypto firms and their employees to remain vigilant and implement robust cybersecurity measures, especially when dealing with unexpected emails or links related to cryptocurrency topics.

As the cryptocurrency market continues to grow, it's likely that such targeted attacks will persist. Users and organizations in the crypto space should stay informed about the latest threats and take proactive steps to protect their digital assets and sensitive information.