Cybersecurity researchers have uncovered a sophisticated new malware campaign targeting cryptocurrency businesses, attributed to the North Korean hacking group BlueNoroff. The malware, dubbed “Hidden Risk” by researchers at SentinelLabs, specifically targets macOS systems and employs a multi-stage infection process involving decoy PDF documents.
According to a recent report from SentinelLabs, the attack begins with phishing emails disseminating fabricated news stories about cryptocurrency trends. These emails contain malicious attachments disguised as legitimate PDF files. When a user downloads and opens the PDF, a separate malware file is surreptitiously downloaded onto their desktop in the background. This file then grants the attackers remote access to the victim’s computer, enabling them to steal private keys and potentially other sensitive information.
The report highlights the advanced nature of the malware, noting a novel persistence mechanism that abuses the Zsh configuration file, zshenv. This allows the malware to remain active even after the computer is restarted, giving attackers continued access to the compromised system.
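A defender can triage the zshenv persistence described above by listing every zshenv file on a host and flagging lines that launch or fetch programs rather than set variables. This is an added example, not code from SentinelLabs or the original article; the heuristic patterns and the sample line are assumptions chosen for illustration.

```python
import glob
import os
import re

# zsh sources /etc/zshenv then $ZDOTDIR/.zshenv (default ~/.zshenv) in every shell.
# Assumed heuristics (not indicators from the report) for non-environment lines.
HEURISTICS = {
    "background job": re.compile(r"(?<![&>|<])&(?![&>\d-])"),
    "network fetch": re.compile(r"\b(?:curl|wget)\b"),
    "detached or decoded execution": re.compile(r"\b(?:nohup|osascript|base64)\b"),
    "path in world-writable directory": re.compile(r"/tmp/|/Users/Shared/"),
}
# Constructed sample for illustration; not content recovered from the malware.
SAMPLE = 'export PATH="$HOME/bin:$PATH"\n# helper\n/Users/Shared/example-helper &\n'

def scan_text(text):
    """Return (line_number, label, line) for each heuristic hit in text."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and full-line comments do not execute
        for label, pattern in HEURISTICS.items():
            if pattern.search(line):
                findings.append((number, label, line))
    return findings

def candidate_files():
    """zshenv files present on this host; a custom ZDOTDIR is not resolved."""
    found = ["/etc/zshenv", os.path.expanduser("~/.zshenv")]
    found += glob.glob("/Users/*/.zshenv") + glob.glob("/home/*/.zshenv")
    return [p for p in dict.fromkeys(found) if os.path.isfile(p)]

def audit(paths):
    """Map each readable file to its findings; clean files are omitted."""
    report = {}
    for path in paths:
        try:
            with open(path, errors="replace") as handle:
                hits = scan_text(handle.read())
        except OSError:
            continue  # unreadable without elevated rights
        if hits:
            report[path] = hits
    return report

if __name__ == "__main__":
    for path, hits in audit(candidate_files()).items():
        print(path, *hits, sep="\n  ")
```

A hit is a prompt for manual review, not a verdict: many Macs have no zshenv file at all, so the mere appearance of one on a host that never had it is worth checking.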
SentinelLabs assesses with “high confidence” that the same actor behind “Hidden Risk” is responsible for previous attacks attributed to BlueNoroff, including the RustDoor/ThiefBucket and RustBucket campaigns. This suggests a continuing evolution in the group’s tactics and techniques, specifically targeting the lucrative cryptocurrency industry.
The discovery of “Hidden Risk” underscores the increasing sophistication of North Korean cyber operations and the ongoing threat they pose to cryptocurrency businesses and individuals. macOS users, often perceived as less vulnerable to malware than Windows users, are particularly at risk in this campaign. Users are urged to exercise extreme caution when opening email attachments, especially those related to cryptocurrency, and to ensure their systems are running up-to-date security software. Further investigation into the “Hidden Risk” campaign is ongoing, and security researchers are working to identify and mitigate the threat.
The post North Korean Hackers Target Crypto Firms with New macOS Malware appeared first on CryptoMars.
The post North Korean Hackers Target Crypto Firms with New macOS Malware first appeared on КриптоВики.