North Korean Malware Attacks Mac Users in Crypto Industry

Image by DC Studios, from Freepik

North Korean Malware Attacks Mac Users in Crypto Industry

Reading time: 2 min

In a Rush? Here are the Quick Facts!

  • The hacking group, BlueNoroff, launched the “Hidden Risk” campaign in April 2023.
  • Malware spreads via fake cryptocurrency news updates in phishing emails.
  • Attack enables remote control and data theft from infected devices.

A new report by cybersecurity firm SentinelOne highlights a wave of advanced malware attacks targeting cryptocurrency firms, specifically those using macOS devices.

The attacks, attributed to North Korean hackers associated with the “BlueNoroff” group, employ phishing emails and deceptive links to infiltrate corporate systems and steal funds.

Technical evidence linked the campaign to BlueNoroff, a subgroup recently identified by the U.S. Treasury as part of Lazarus, North Korea’s most notorious government-backed hacking group, as noted by The Record.

The BlueNoroff campaign, known as “Hidden Risk,” reportedly began in April 2023 and uses fake cryptocurrency news updates to lure victims.

Malicious applications disguised as PDF documents trick users into downloading malware. These phishing emails often appear to be from reputable sources in the crypto industry, containing links to “reports” that, instead, install a malware application.

Titles like “Hidden Risk Behind New Surge of Bitcoin Price” are crafted to look credible, duping users into opening the files.

SentinelOne’s report highlights an innovative tactic within the campaign: using the “zshenv” file, a hidden macOS system file, to keep the malware persistent. This method allows the malware to evade detection by not triggering typical macOS security alerts.

Once embedded, the malware installs a backdoor, enabling attackers to remotely control infected devices, execute commands, and harvest data.

This campaign aligns with North Korea’s long-standing interest in cryptocurrency as a funding source. In September 2024, the FBI issued warnings about North Korean hackers targeting decentralized finance (DeFi) platforms and crypto firms through phishing.

The “Hidden Risk” campaign underscores the group’s evolving techniques, particularly in targeting macOS vulnerabilities.

SentinelOne’s findings underscore the importance of caution in the crypto industry. Security experts recommend that firms enhance their security protocols, educate employees on phishing threats, and exercise caution when handling unexpected emails or applications.

Did you like this article? Rate it!
I hated it I don't really like it It was ok Pretty good! Loved it!

We're thrilled you enjoyed our work!

As a valued reader, would you mind giving us a shoutout on Trustpilot? It's quick and means the world to us. Thank you for being amazing!

Rate us on Trustpilot
0 Voted by 0 users
Title
Comment
Thanks for your feedback
Loader
Please wait 5 minutes before posting another comment.
Comment sent for approval.

Leave a Comment

Loader
Loader Show more...