In autumn, Kaspersky Lab experts detected a targeted attack by the BlueNoroff cybergroup on cryptocurrency-related venture funds, startups and banks worldwide. ForkLog was informed of this by representatives of the company.
Hackers created 70 counterfeit domains masquerading as well-known venture funds and banks in Japan, the United States, Vietnam and the UAE. The attackers are also experimenting with new file types — Visual Basic Script, Windows Batch, and Windows executable files — to deploy malware.
Systems are typically infected through documents sent to the victim that supposedly contain a contract from a client. The malware allows hackers to control the system and plan cryptocurrency theft.
At the moment of the transaction, the victim’s funds are sent to the attackers’ wallet. Because BlueNoroff is able to raise transfer limits, the stolen amount may be higher.
Hackers have learned to bypass the Mark of the Web feature, which warns users about opening downloaded files and runs them in protected mode. To do this, they embed malware into images and ISO files.
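For defenders: Windows stores the Mark of the Web in an NTFS alternate data stream named Zone.Identifier, so its presence or absence can be checked per file. The sketch below is an added example, not code from Kaspersky Lab or ForkLog; it triages the file types named in this article, and the verdict labels, sample paths and URL are constructed for illustration.

```python
import configparser
from pathlib import PureWindowsPath

PAYLOAD_TYPES = {".vbs", ".bat", ".exe"}   # file types named in the article
CONTAINER_TYPES = {".iso"}                 # container type named in the article
INTERNET_ZONE = 3                          # ZoneId 3 = Internet, 4 = restricted sites

def parse_zone_id(stream_text):
    """Return ZoneId from Zone.Identifier stream text, or None if absent/malformed."""
    if not stream_text:
        return None
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(stream_text)
        return cp.getint("ZoneTransfer", "ZoneId", fallback=None)
    except (configparser.Error, ValueError):
        return None

def read_motw(path):
    """Read the stream from disk; works on Windows/NTFS only, None elsewhere."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def triage(entries):
    """entries: iterable of (path, stream_text_or_None) -> list of (path, verdict)."""
    out = []
    for path, stream in entries:
        ext = PureWindowsPath(path).suffix.lower()
        zone = parse_zone_id(stream)
        marked = zone is not None and zone >= INTERNET_ZONE
        verdict = "ignore"
        if ext in CONTAINER_TYPES and marked:
            verdict = "review-container"   # downloaded container: inspect contents
        elif ext in PAYLOAD_TYPES and not marked:
            verdict = "review-unmarked"    # runnable file carrying no download mark
        elif ext in PAYLOAD_TYPES:
            verdict = "marked"             # Windows will warn when it is opened
        out.append((path, verdict))
    return out

# Constructed sample inventory (paths and URL are invented for illustration).
MARK = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.test/c%20v.iso\r\n"
SAMPLE = [
    (r"C:\Users\a\Downloads\contract.iso", MARK),
    (r"E:\contract.vbs", None),
    (r"C:\Users\a\Downloads\setup.exe", MARK),
]
print(triage(SAMPLE))
```

On a Windows host, build the input as `(p, read_motw(p))` for each file of interest; locally created executables also lack the mark, so `review-unmarked` is a triage signal rather than a verdict of compromise.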
Kaspersky Lab warns that in 2023 BlueNoroff could unleash a large-scale cyber-epidemic, surpassing WannaCry.
Earlier, ForkLog reported that users of hundreds of banking apps, cryptocurrency wallets and bitcoin exchanges became victims of the Godfather Android mobile banking Trojan.
