Crypto Firms Under Attack as New Telegram Malware Deployed By CoinEdition
[ad_1]
Crypto Firms Under Attack as New Telegram Malware Deployed- Microsoft (NASDAQ:) unveils attack targetting cryptocurrency firms.
- The attackers used an excel sheet to infect the victim’s system.
- This attack was linked to North Korea’s Lazarus Group.
Microsoft’s security team has uncovered an attack in which a malicious actor targeted several cryptocurrency investment firms. The attacker, identified as DEV-013, infiltrated Telegram channels by pretending to work for a cryptocurrency investment firm. The bad actors pretended to connect with VIP clients of major exchanges to discuss trading fees.
“DEV-0139 joined Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms and identified their target from among the members,” Microsoft added.
The attacker’s plan was to get cryptocurrency investment money to download an Excel spreadsheet named “OKX Binance & Huobi VIP fee comparision.xls.” The document accurately details the fees charged by various cryptocurrency exchanges; however, it also contains a malicious macro that secretly launches another copy of Excel in invisible mode.
When the victim opens the file and turns on macros, a second worksheet in the document downloads and parses a PNG file, from which it extracts a malicious DLL, an XOR-encoded backdoor, and a simple Windows executable that is then used to sideload the DLL. …
The post Crypto Firms Under Attack as New Telegram Malware Deployed appeared first on Coin Edition.
See original on CoinEdition
[ad_2]
Source link
Crypto Firms Under Attack as New Telegram Malware Deployed- Microsoft (NASDAQ:) unveils attack targetting cryptocurrency firms.
- The attackers used an excel sheet to infect the victim’s system.
- This attack was linked to North Korea’s Lazarus Group.
Microsoft’s security team has uncovered an attack in which a malicious actor targeted several cryptocurrency investment firms. The attacker, identified as DEV-013, infiltrated Telegram channels by pretending to work for a cryptocurrency investment firm. The bad actors pretended to connect with VIP clients of major exchanges to discuss trading fees.
“DEV-0139 joined Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms and identified their target from among the members,” Microsoft added.
The attacker’s plan was to get cryptocurrency investment money to download an Excel spreadsheet named “OKX Binance & Huobi VIP fee comparision.xls.” The document accurately details the fees charged by various cryptocurrency exchanges; however, it also contains a malicious macro that secretly launches another copy of Excel in invisible mode.
When the victim opens the file and turns on macros, a second worksheet in the document downloads and parses a PNG file, from which it extracts a malicious DLL, an XOR-encoded backdoor, and a simple Windows executable that is then used to sideload the DLL. …
The post Crypto Firms Under Attack as New Telegram Malware Deployed appeared first on Coin Edition.
See original on CoinEdition
About The Author
