People working in cryptocurrency businesses are being targeted by Lazarus, a well-known threat actor with strong ties to the government of North Korea, law enforcement groups have warned.
The CISA, the FBI, and the US Treasury Department have banded together to issue a warning to firms in the cryptocurrency industry, urging them to be on their guard.
According to the warning, Lazarus is looking to infect endpoints in crypto firms with trojans, in order to try and drain them of their funds.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.
Multiple fake apps being distributed
As usual, the attacks start by threat actors assuming the identity (opens in new tab)of someone close, or of interest, to the victim.
“Intrusions begin with a large number of spearphishing messages sent to employees of cryptocurrency companies—often working in system administration or software development/IT operations (DevOps)—on a variety of communication platforms," it says in the warning.
"The messages often mimic a recruitment effort and offer high-paying jobs to entice the recipients to download malware (opens in new tab)-laced cryptocurrency applications, which the U.S. government refers to as TraderTraitor."
"Observed payloads include updated macOS and Windows variants of Manuscrypt, a custom remote access trojan (RAT), that collects system information and has the ability to execute arbitrary commands and download additional payloads," the federal agencies added.
> Hundreds of Crypto.com accounts hacked after it was hit by major data breach (opens in new tab)
> There's been yet another massive crypto heist (opens in new tab)
> The maker of Axie Infinity just suffered one of the largest heists in crypto history (opens in new tab)
There are multiple apps that are being referred to, by the security agencies, as TraderTraitor: DAFOM (cryptocurrency portfolio application for macOS), TokenAIS (portfolio builder for AI-based crypto trading for macOS), CryptAIS (portfolio builder for AI-based crypto trading for macOS), AlticGO (crypto price tracker and predictor for Windows), Esilet (crypto price tracker and predictor for macOS), and CreAI Deck (AI and deep learning platform for Windows and macOS).
Crypto companies are under a constant barrage of cyberattacks. Only recently, a flaw in the operations of Beanstalk Farms, a stablecoin protocol, has allowed an unknown threat actor to siphon $182 million from the network.
Before that, hundreds of millions of dollars in cryptocurrency were stolen after the Ronin Network, which provides the blockchain "bridge" that powers NFT game Axie Infinity, was compromised.
- Prevent state-sponsored hackers from stealing your cryptos with the best malware protection around (opens in new tab)
Via: BleepingComputer (opens in new tab)