Cryptocurrency startups around the world are falling victim to the BlueNoroff cybergroup, which is stealing their digital assets. Experts from Kaspersky Lab reported this to Cryplogger.
According to them, BlueNoroff sends emails purporting to come from existing venture capital firms as bait, to lure the victim into opening the attachment, a macro-enabled document.
The researchers found that the attackers misused the trademarks of, and the names of employees at, more than 15 venture capital organizations. The experts are confident that the real companies have nothing to do with the attacks or the emails.
“If the device is not connected to the Internet, a macro-enabled document is not dangerous. Otherwise, it will download another document deploying malware to the victim’s device,” explained Kaspersky Lab.
In addition to infected Word documents, the attackers distribute malware in archive files containing Windows shortcuts (LNK files). These shortcuts are used to stage a fully functional backdoor at a later point. BlueNoroff uses keyloggers and screenshot-capture programs to monitor the victim.
“When they find a suitable potential victim that uses a popular browser extension to manage crypto wallets like Metamask, they replace it with a fake version,” the researchers said.
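One defensive check against the extension swap described above is a file-integrity comparison of the installed wallet extension against a trusted baseline. This is an added example, not code from the article or from Kaspersky Lab; it assumes the Chromium-style on-disk layout `<profile>/Extensions/<extension_id>/<version>/...`, and the extension id, file contents and "tampering" below are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed placeholder id, not the real wallet extension's id.
WALLET_EXT_ID = "exampleexampleexampleexampleexam"


def extension_digests(profile_dir: Path, ext_id: str) -> dict[str, str]:
    """Map every file of the installed extension (all versions) to its SHA-256."""
    root = profile_dir / "Extensions" / ext_id
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def diff_against_baseline(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Report files added, removed or modified relative to the trusted baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(f for f in baseline.keys() & current.keys() if baseline[f] != current[f]),
    }


def _write(root: Path, files: dict[str, str]) -> None:
    for rel, content in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)


def demo() -> dict[str, list[str]]:
    """Build a constructed extension, record a baseline, then simulate a replacement."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = Path(tmp)
        ext_root = profile / "Extensions" / WALLET_EXT_ID / "1.0.0"
        _write(ext_root, {"manifest.json": '{"name": "wallet", "version": "1.0.0"}',
                          "background.js": "console.log('genuine');"})
        baseline = extension_digests(profile, WALLET_EXT_ID)
        # Simulated swap: one script altered, one new file dropped in (both constructed).
        _write(ext_root, {"background.js": "console.log('tampered');",
                          "inject.js": "// constructed placeholder file"})
        return diff_against_baseline(baseline, extension_digests(profile, WALLET_EXT_ID))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline is recorded right after a verified install and re-checked on a schedule; any change that does not coincide with a store-delivered update (a new version directory) warrants investigation.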
The attackers also receive a notification whenever a large transfer is initiated and intercept it at the moment of the transaction, changing the recipient's address and raising the transfer amount to the maximum available.
BlueNoroff is part of the North Korean Lazarus group and uses its diversified structure and advanced technology to attack users in different countries.
To protect against hackers, Kaspersky Lab experts recommend conducting regular network audits, using up-to-date solutions to protect against complex attacks, and training employees in the basics of cybersecurity.
As a reminder, according to Chainalysis, North Korean hackers stole $400 million in cryptocurrency in 2021.