gossipify logo 1

High-End Investors Targeted by Cryptocurrency Scam on Telegram

Victims are infected with malware that steals data and financial assets, while the activity may be linked to the North Korean government

High-profile cryptocurrency investors are targeted by a targeted campaign that selects victims from groups across the telegram🇧🇷 The spaces, used by brokers and companies in the sector to facilitate contact with their main clients, are infiltrated by cybercriminals, who end up deceiving interested parties and contaminating them with malware.

At least one person has already been affected by the wave of scams, the total number of victims of which could be higher. According to MicrosoftCybercriminal group DEV-0139’s ultimate goal is to make financial profits from data theft and diversion of resources, while threat intelligence firm Volexity has linked the attacks to Lazarus, a gang working for the government of Korea of the North, with the theft of cryptocurrency used to finance the regime.

Whoever is responsible, indications are of targeted scams, where criminals impersonate representatives of legitimate exchanges and companies in the cryptocurrency market. By intruding into VIP client groups, they invite victims to other chats related to the fake company, where they would get exclusive investment advice and offers.

Contamination occurs when the target receives an Excel spreadsheet with real values ​​and details, comparing rates charged by different companies, but which also has macros attached, which extract a malicious DLL from an image hosted on the internet. From there, a backdoor is installed that allows remote access to the victim’s computer and is also capable of providing a second package, CryptoDashboardV2, capable of diverting cryptocurrency transfers.

Social engineering causes the targeted individual to trust the file uploader, who is locked down with a password to prevent immediate macro detection. This alleged guarantee also increases the possibility that the user will give all the necessary permissions for the execution of the malware, increasing the chances of success of a scam which, in the end, proves to be very profitable.

According to Microsoft, the scams were discovered by its threat tracking systems, which have DEV-0139 as one of the gangs whose activity it monitors. In the case of Volexity, the association with Lazarus arose from the use of sites that had already appeared in previous attacks by the gang, as well as the method itself, with the fare comparison sheet that had already appeared in scams registered in recent months, but delivering other types of malware.

Identified victims were notified and received assistance to re-secure any wallets and accounts accessed by the bandits. To all, Microsoft has also strengthened the warning regarding private messages and attached files, which should only be opened if you are sure of their origin; the same also applies to chats, with proposals to be ignored, unless the user is sure they are true.

Source: Microsoft🇧🇷 Willingness

Trending on Canaltech:

🇧🇷The best content in your email for free. Choose your favorite Terra newsletter. Click here!

Source: Terra

You may also like

Hot News



Join our community of like-minded individuals and never miss out on important news and updates again.

follow us