Watch out! North Korean hackers prey on your crypto with new virus

In addition to falling crypto prices and bankrupt exchanges, hacks were also a huge problem this year. The North Korean hacker group Lazarus appears to have played a very prominent role for some time: it hacks on behalf of the North Korean government. Unfortunately, this group seems to be targeting crypto investors again with a new virus.

New crypto virus is floating around on Telegram

Microsoft reports this in a blog post. An attacker now designated DEV-0139 posed as a crypto company on Telegram. There it distributed an Excel file comparing the commissions charged by the crypto exchanges Binance, Huobi and OKX, ostensibly to help people in the groups.

Unfortunately, the file also contained a virus, and Microsoft notes that the attacker went about this very carefully. The hacker shows a lot of knowledge, prepares well and makes extra efforts to gain the trust of victims.

The document actually contained spyware that gave the attacker a backdoor into the victim's system. In principle, this allows the attacker to obtain information such as private keys and steal cryptocurrencies. It is not clear whether money was stolen, or how much.

Is Lazarus Group behind this?

According to Microsoft, this is a new variant of the AppleJeus virus, which was first described in 2020 by Kaspersky. This virus was developed by Lazarus Group, a North Korean state-sponsored hacker group. Microsoft suggests that it is the same attacker again this time.

Lazarus has been behind major crypto hacks for years. For the US government, this group was an important reason to ban the crypto mixer Tornado Cash for Americans. Lazarus is said to use this service to launder large amounts of money. At the beginning of this year, crypto regulation news reported that the North Korean government is financing its nuclear weapons program with these hacks. These plans are said to have been jeopardized by the low prices.
