{"id":56146,"date":"2022-01-18T18:02:43","date_gmt":"2022-01-18T16:02:43","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=56146"},"modified":"2025-09-04T04:59:47","modified_gmt":"2025-09-04T01:59:47","slug":"lazarus-division-targets-bitcoin-startups","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/lazarus-division-targets-bitcoin-startups\/","title":{"rendered":"Lazarus Division Targets Bitcoin Startups"},"content":{"rendered":"<p>Cryptocurrency startups worldwide are falling prey to the cybercriminal group BlueNoroff, which siphons off their digital assets, according to experts from Kaspersky Lab.<\/p>\n<p>According to them, BlueNoroff sends emails purportedly from existing venture-capital firms as bait to persuade the victim to open an attachment to the email\u2014a macro-enabled document.<\/p>\n<p>Researchers have found that the attackers misused trademarks and the names of employees from more than 15 venture organisations. Experts say that the real companies have nothing to do with either the attacks or the emails.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cIf the device is not connected to the internet, a macro-enabled document does not pose a danger. Otherwise, it will download onto the victim&#8217;s device another document that deploys malware,\u201d explained Kaspersky Lab.<\/p>\n<\/blockquote>\n<p>In addition to infected Word documents, the attackers spread malware in archive files containing Windows shortcuts. These enable the later creation of a fully functional backdoor. 
To surveil the victim, BlueNoroff uses keyloggers and screenshot-capture programs.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cUpon identifying a suitable potential victim who uses a popular browser extension to manage crypto wallets\u2014such as MetaMask\u2014the attackers replace it with a fraudulent version,\u201d the researchers noted.<\/p>\n<\/blockquote>\n<p>The attackers also receive notices of large transfers and, at the moment of the transaction, intercept them, altering the recipient address and inflating the transfer amount to the maximum.<\/p>\n<p>BlueNoroff is part of the North Korean Lazarus group and uses its diversified structure and advanced technologies to attack users in different countries.<\/p>\n<p>To defend against hackers, Kaspersky Lab experts recommend regular network audits, using up-to-date protections against sophisticated attacks, and training staff in cybersecurity basics.<\/p>\n<p>According to Chainalysis, in 2021 North Korean hackers stole <a href=\"https:\/\/forklog.com\/en\/news\/u-s-army-about-6000-hackers-are-targeting-north-korea\">$400 mln in cryptocurrencies<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cryptocurrency startups worldwide are falling victim to the cybercriminal group BlueNoroff, which siphons off their digital 
assets.<\/p>\n","protected":false},"author":1,"featured_media":56147,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1553,1125,1223],"class_list":["post-56146","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-kaspersky-lab","tag-lazarus","tag-startups"],"aioseo_notices":[],"amp_enabled":true,"views":"14","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/56146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=56146"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/56146\/revisions"}],"predecessor-version":[{"id":56148,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/56146\/revisions\/56148"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/56147"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=56146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=56146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=56146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}