Victims are infected with malware that steals data and financial assets, while the activity may be linked to the North Korean government
High-profile cryptocurrency investors are the targets of a campaign that selects its victims from groups on Telegram. These spaces, used by brokers and companies in the sector to keep in contact with their main clients, are infiltrated by cybercriminals, who deceive interested parties and infect them with malware.
At least one person has already been affected by the wave of scams, and the total number of victims could be higher. According to Microsoft, the ultimate goal of cybercriminal group DEV-0139 is financial profit from data theft and the diversion of funds, while threat intelligence firm Volexity has linked the attacks to Lazarus, a gang working for the North Korean government, with the stolen cryptocurrency used to finance the regime.
Whoever is responsible, indications are of targeted scams, where criminals impersonate representatives of legitimate exchanges and companies in the cryptocurrency market. By intruding into VIP client groups, they invite victims to other chats related to the fake company, where they would get exclusive investment advice and offers.
Infection occurs when the target receives an Excel spreadsheet with real figures and details comparing the fees charged by different companies, but which also carries macros that extract a malicious DLL from an image hosted on the internet. From there, a backdoor is installed that gives remote access to the victim's computer and can also deliver a second package, CryptoDashboardV2, capable of diverting cryptocurrency transfers.
Social engineering leads the target to trust the sender of the file, which is password-protected to prevent the macros from being detected immediately. This apparent safeguard also increases the likelihood that the user grants all the permissions needed for the malware to run, raising the odds of success for a scam that, in the end, proves very profitable.
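The password-protected spreadsheet described above is exactly the kind of attachment a mail gateway cannot open to scan for macros. The following triage script, added here as an illustration and not part of the original article or of any vendor's tooling, flags the two container features a defender can still see without the password: an OLE wrapper carrying an EncryptedPackage stream (a password-protected .xlsx/.xlsm) and, for unencrypted workbooks, the presence of a VBA project. The sample files it builds are constructed stand-ins, not real malware.

```python
import io
import zipfile

# Password-protected OOXML workbooks are wrapped in an OLE compound file whose
# directory holds an 'EncryptedPackage' stream; stream names are UTF-16LE.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ENCRYPTED_STREAM = "EncryptedPackage".encode("utf-16-le")


def classify_office_attachment(data: bytes) -> str:
    """Coarse attachment triage: 'encrypted-ole' (password-protected OOXML,
    macros cannot be inspected), 'ole' (legacy binary format, may still carry
    VBA), 'ooxml-macro', 'ooxml-plain' or 'unknown'."""
    if data.startswith(OLE_MAGIC):
        # A byte search for the UTF-16LE stream name is enough for triage;
        # full OLE directory parsing is not needed to raise the flag.
        return "encrypted-ole" if ENCRYPTED_STREAM in data else "ole"
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "unknown"
        # OOXML stores the VBA project as a fixed part inside the zip.
        return "ooxml-macro" if "xl/vbaProject.bin" in names else "ooxml-plain"
    return "unknown"


def build_sample_xlsx(with_macro: bool) -> bytes:
    """Constructed minimal zip imitating an OOXML workbook layout (assumption:
    only the part names matter for this check, not their content)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"\x00" * 16)  # placeholder bytes
    return buf.getvalue()


def build_sample_encrypted() -> bytes:
    """Constructed OLE-like blob: header magic plus an EncryptedPackage name."""
    return OLE_MAGIC + b"\x00" * 504 + ENCRYPTED_STREAM + b"\x00" * 32


if __name__ == "__main__":
    for label, blob in [("encrypted", build_sample_encrypted()),
                        ("macro", build_sample_xlsx(True)),
                        ("plain", build_sample_xlsx(False))]:
        print(label, "->", classify_office_attachment(blob))
```

A gateway policy built on this check would quarantine or sandbox-detonate 'encrypted-ole' and 'ooxml-macro' attachments from external senders rather than relying on the user, which is the decision this campaign is designed to push onto the victim.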
According to Microsoft, the scams were discovered by its threat-tracking systems, which list DEV-0139 among the gangs whose activity it monitors. In Volexity's case, the link to Lazarus came from the use of sites that had already appeared in previous attacks by the gang, as well as from the method itself: the fee comparison spreadsheet had already appeared in scams recorded in recent months, though delivering other types of malware.
Identified victims were notified and received help re-securing any wallets and accounts the attackers had accessed. Microsoft also reinforced its general warning about private messages and attached files, which should only be opened when their origin is certain; the same applies to chats, whose offers should be ignored unless the user is sure they are genuine.
Camila Luna is a writer at Gossipify, where she covers the latest movies and television series. With a passion for all things entertainment, Camila brings her unique perspective to her writing and offers readers an inside look at the industry. Camila is a graduate of the University of California, Los Angeles (UCLA) with a degree in English and is also an avid movie watcher.