30s Summary
North Korean threat group BlueNoroff is targeting cryptocurrency companies with macOS malware that SentinelLabs tracks as "Hidden Risk". The lure is delivered as a supposed PDF: a decoy document opens while a backdoor installs in the background, giving the attackers remote access to sensitive data such as private keys for digital wallets. Despite warnings from the FBI and other security agencies, the group keeps attacking; a December phishing campaign used more than 70 fake domains to impersonate investment companies. Earlier, the FBI reported that BlueNoroff's parent group Lazarus was using social engineering, including sham job offers, to steal cryptocurrency from employees of centralized exchanges and decentralized finance (DeFi) firms.
Full Article
The North Korean hacking group BlueNoroff, active since at least 2019, is now targeting cryptocurrency businesses with new malware aimed at Mac users.
According to a report from SentinelLabs, the campaign, named "Hidden Risk", is delivered in a few stages through a file that poses as a PDF. The attackers pretend to be sharing breaking news or credible cryptocurrency market analysis to lure individuals and companies into opening it.
When the target downloads and opens the supposed PDF, a harmless-looking decoy document is displayed while the real payload is fetched and installed on the Mac in the background. The malware gives the attackers remote access to the machine, from which they can steal sensitive data such as private keys for digital wallets and access to crypto platforms.
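One quick check this kind of lure invites, written here as an added example rather than code from the article or from SentinelLabs: compare the extension a download claims against its leading bytes. A genuine PDF starts with the bytes "%PDF-"; a Mach-O executable or a zipped application bundle does not, so a file named .pdf that carries either of those headers, or a name like report.pdf.zip, deserves a second look before it is opened. The file names and byte strings in the block are constructed for illustration.

```python
# Added example, not code from the article or SentinelLabs: flag a download
# presented as a PDF whose bytes are not a PDF. Sample inputs are constructed.

PDF_MAGIC = b"%PDF-"
# Mach-O magic numbers as they appear on disk: 32/64-bit in either byte order,
# plus the fat/universal binary header.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",   # 32-bit
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",   # 64-bit
    b"\xca\xfe\xba\xbe",                        # fat/universal
}
ZIP_MAGIC = b"PK\x03\x04"  # a zipped .app bundle or other archive


def detect_type(data: bytes) -> str:
    """Identify the real file type from its leading bytes."""
    if data.startswith(PDF_MAGIC):
        return "pdf"
    if data[:4] in MACHO_MAGICS:
        return "mach-o"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def assess(filename: str, data: bytes) -> dict:
    """Compare what the file name claims with what the bytes say."""
    detected = detect_type(data)
    parts = filename.lower().split(".")
    claims_pdf = parts[-1] == "pdf"
    # Names like "report.pdf.zip" bury ".pdf" before the real extension.
    buried_pdf = len(parts) > 2 and "pdf" in parts[1:-1]
    reasons = []
    if claims_pdf and detected != "pdf":
        reasons.append(f"named .pdf but content is {detected}")
    if buried_pdf:
        reasons.append("'.pdf' appears before the real extension")
    return {
        "filename": filename,
        "detected": detected,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


# Constructed sample inputs (not real samples from the campaign).
SAMPLES = {
    "market_analysis.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n",
    # 64-bit little-endian Mach-O header, x86_64 cputype
    "bitcoin_outlook.pdf": b"\xcf\xfa\xed\xfe\x07\x00\x00\x01\x03\x00\x00\x00",
    "market_report.pdf.zip": b"PK\x03\x04\x14\x00\x00\x00\x08\x00",
}


def run_samples() -> list:
    """Assess every constructed sample and return the verdicts in order."""
    return [assess(name, data) for name, data in SAMPLES.items()]


if __name__ == "__main__":
    for verdict in run_samples():
        flag = "SUSPICIOUS" if verdict["suspicious"] else "ok"
        print(f"{verdict['filename']}: {flag} ({verdict['detected']}) {verdict['reasons']}")
```

On a real download the same check is one read away: open the file, read its first few bytes and pass them to assess(). Note that a macOS .app bundle is a directory rather than a single file, so for a bundle the bytes to inspect are those of the executable under Contents/MacOS/.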
The FBI has repeatedly warned about BlueNoroff, its parent group Lazarus, and other actors linked to the North Korean government. In April, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) urged crypto businesses to strengthen their defenses against these state-backed hackers.
Ignoring those warnings, BlueNoroff ran another phishing campaign in December aimed at firms and banks. The attackers registered more than 70 fake domains impersonating real investment companies, with the goal of compromising victims' computers and stealing their funds.
In September, the FBI disclosed that the Lazarus Group was using social engineering to steal cryptocurrency, luring employees of centralized exchanges and decentralized finance (DeFi) firms with sham job offers.
The scheme was designed to build a relationship with the intended victims and earn their trust. Once that trust was established, the attackers got them to click a malicious link disguised as a job test or application, compromising their systems and draining their desktop wallets.