Microsoft and cybersecurity company Volexity have identified a fresh danger to those who invest in virtual currencies: malware hidden inside a weaponized Excel document.
The threat actor, tracked by Microsoft as DEV-0139, has been linked to the infamous North Korean hacker group Lazarus Group; the same actor has been observed delivering the AppleJeus malware family via a malicious Microsoft Installer (MSI) package. Microsoft says the latest campaign is evidence of the threat actors' growing sophistication in recent months.
According to Microsoft, attacks on this market have taken many different shapes as hackers try to get their hands on cryptocurrency funds. These attacks have included fraud, vulnerability exploitation, fake applications, and the use of information stealers. Microsoft also notes more sophisticated attacks in which the threat actor shows considerable knowledge and planning, working to win the target's trust before delivering any payload.
According to the report, in the latest campaign the attackers targeted digital asset investment companies on Telegram by joining investment groups on the chat platform. Posing as representatives of another investment company, they invited targets into a separate chat group under the pretext of asking for feedback on the fee structures used by digital asset exchanges.
Demonstrating genuine industry knowledge, the attackers gained the victims' trust and then sent an Excel file named "OKX Binance & Huobi VIP fee comparision.xls" (the misspelling is part of the reported filename) containing tables comparing the exchanges' fee structures. The spreadsheet, however, is a Trojan horse: it carries a malicious macro that, once the recipient opens the file and enables content, drops and runs a chain of further malware on the victim's system. Because Office does not run macros until the user explicitly allows them, the social engineering that precedes the file is what makes the delivery work.
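As an added example (not code from the article, Microsoft or Volexity), the following Python script performs the first check an analyst would run on an unsolicited .xls like the one described: it parses the OLE2 compound-file directory without third-party libraries and reports whether a VBA project storage is present. It assumes a version-3 compound file whose FAT is fully described by the header DIFAT, and it handles only the legacy binary format (an .xlsm is a ZIP container and needs a different check); the sample file it builds is synthetic. A hit means macros exist, not that they are malicious; for real triage, oletools' olevba extracts and analyses the macro code itself.

```python
"""Macro triage for a legacy OLE2 spreadsheet (.xls): walk the compound-file
directory and flag VBA project storages.  Constructed example for this article,
not vendor tooling.  Assumes a v3 file whose FAT fits in the header DIFAT."""
import struct
import sys

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
FATSECT = 0xFFFFFFFD
ENDOFCHAIN = 0xFFFFFFFE
FREESECT = 0xFFFFFFFF     # same value as NOSTREAM in directory entry links
# Storage names Office uses for a VBA project (Excel, Word) and its inner storage.
MACRO_STORAGES = {"_vba_project_cur", "macros", "vba"}


def ole_directory_names(data: bytes):
    """Return [(name, object_type)] for every allocated directory entry.
    object_type: 1 = storage, 2 = stream, 5 = root.  Raises ValueError when the
    bytes are not a compound file or are truncated."""
    if len(data) < 512 or data[:8] != OLE_MAGIC:
        raise ValueError("not an OLE2 compound file")
    sector_size = 1 << struct.unpack_from("<H", data, 30)[0]
    first_dir = struct.unpack_from("<I", data, 48)[0]

    # The header DIFAT lists up to 109 FAT sector numbers; sector n sits at
    # file offset (n + 1) * sector_size because the header occupies sector -1.
    fat = []
    for i in range(109):
        loc = struct.unpack_from("<I", data, 76 + 4 * i)[0]
        if loc == FREESECT:
            break
        off = (loc + 1) * sector_size
        if off + sector_size > len(data):
            raise ValueError("truncated FAT sector")
        fat.extend(struct.unpack_from("<%dI" % (sector_size // 4), data, off))

    entries, sector, seen = [], first_dir, set()
    while sector < len(fat) and sector not in seen:   # ENDOFCHAIN/FREESECT end the walk
        seen.add(sector)
        off = (sector + 1) * sector_size
        if off + sector_size > len(data):
            raise ValueError("truncated directory sector")
        for pos in range(off, off + sector_size, 128):  # 128-byte directory entries
            name_len = struct.unpack_from("<H", data, pos + 64)[0]  # bytes incl. NUL
            obj_type = data[pos + 66]
            if obj_type == 0 or not 2 <= name_len <= 64:
                continue                                  # unallocated entry
            name = data[pos:pos + name_len - 2].decode("utf-16-le", "replace")
            entries.append((name, obj_type))
        sector = fat[sector]
    return entries


def find_macro_storages(data: bytes):
    """Directory entry names that indicate an embedded VBA project."""
    return [n for n, _ in ole_directory_names(data) if n.lower() in MACRO_STORAGES]


def triage(data: bytes) -> str:
    """'macro' if a VBA project storage is present, 'clean' if not, 'not-ole' otherwise."""
    try:
        return "macro" if find_macro_storages(data) else "clean"
    except ValueError:
        return "not-ole"


def build_sample_xls(with_macros: bool) -> bytes:
    """Constructed minimal compound file mimicking a legacy .xls layout:
    header, one FAT sector, one directory sector.  Synthetic test input only."""
    size = 512
    header = bytearray(size)
    header[:8] = OLE_MAGIC
    struct.pack_into("<HHHH", header, 26, 3, 0xFFFE, 9, 6)   # v3, byte order, 512B/64B sectors
    struct.pack_into("<II", header, 44, 1, 1)                # one FAT sector; directory at sector 1
    struct.pack_into("<IIII", header, 56, 4096, ENDOFCHAIN, 0, ENDOFCHAIN)  # cutoff, no mini FAT, no ext. DIFAT
    header[76:] = b"\xff" * (size - 76)                      # DIFAT all free ...
    struct.pack_into("<I", header, 76, 0)                    # ... except the FAT in sector 0

    fat = bytearray(b"\xff" * size)
    struct.pack_into("<II", fat, 0, FATSECT, ENDOFCHAIN)     # sector 0 = FAT, sector 1 = directory (1 sector)

    def entry(name: str, obj_type: int) -> bytes:
        e = bytearray(128)
        raw = name.encode("utf-16-le") + b"\x00\x00"
        e[:len(raw)] = raw
        struct.pack_into("<HB", e, 64, len(raw), obj_type)
        struct.pack_into("<III", e, 68, FREESECT, FREESECT, FREESECT)  # tree links unused here
        return bytes(e)

    names = [("Root Entry", 5), ("Workbook", 2)]
    if with_macros:
        names.append(("_VBA_PROJECT_CUR", 1))               # Excel's VBA project storage
    directory = b"".join(entry(n, t) for n, t in names)
    directory += bytes(size - len(directory))                # remaining entries unallocated
    return bytes(header) + bytes(fat) + directory


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()))
```

Run it as `python triage_xls.py file.xls`. A "VIP fee comparison" spreadsheet has no legitimate reason to carry a VBA project, so a hit here is enough to quarantine the file before anyone clicks Enable Content; a clean result only rules out the legacy VBA container, not Excel 4.0 macro sheets or other tricks, which is why olevba or a sandbox detonation should follow.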
Microsoft's report advises digital asset investment funds to treat unsolicited contact on social media and chat platforms with suspicion and to delete unexpected emails and attachments rather than open them. It also recommends keeping Microsoft Defender Antivirus running, deploying Microsoft Defender Firewall, and having end users practise good credential hygiene.
Lazarus group is at the center of it all
The North Korean state-sponsored hacking group Lazarus is the suspected operator behind the new scheme, given its track record. Cybersecurity firm Volexity noted that the group had previously used a variant of the same malware.
Kaspersky was the first to raise the alarm over the variant's use back in 2020, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) documented it in 2021 following a string of attacks on energy, finance, and telecommunications organizations in European Union countries.
Lazarus has been linked to several high-profile attacks on the digital asset industry, including the $625 million Axie Infinity (Ronin bridge) hack and several attacks on Japanese exchanges.