Microsoft, together with the cybersecurity company Volexity, has discovered a new threat. It allows hackers to steal virtual currency through malware embedded in an Excel document.
Threat ‘DEV-0139’
Microsoft tracks the threat as ‘DEV-0139’, which may be associated with the North Korean hacking gang known as the Lazarus Group. The actor has released a new variant of the malware known as ‘AppleJeus’. According to Microsoft, the latest threat shows the level of sophistication the hackers have reached in recent months. Microsoft said the following in a statement:
Attacks targeting this market have taken many forms, including fraud, exploitation of vulnerabilities, bogus applications, and the use of information thieves, as attackers attempt to get their hands on cryptocurrency funds. We also see more complex attacks where the threat actor demonstrates great knowledge and preparation and takes steps to gain the trust of its target before deploying payloads.
Hackers first gained the trust of victims
The hackers reportedly targeted digital asset investment companies with the new malware through Telegram’s messaging service. They did this by initially joining various investment groups while posing as another investment company. This allowed them to lure victims into their own chat groups, where they asked for feedback on, among other things, the fee structure used by digital asset trading companies, and so went unnoticed at first.
In this way they gradually gained the trust of their victims. Once that trust was established, they sent an Excel file called ‘OKX Binance & Huobi VIP fee comparison.xls’. This file does not function as a regular Excel sheet, however, but as a Trojan horse: a malicious macro runs in the background. Once the file was opened, malware was injected into the victim’s system, after which the hackers took control.
In its report, Microsoft warned digital asset investment funds to remain wary of unsolicited communications on social media platforms and to make a habit of deleting unexpected emails. Other preventive measures include ensuring that a properly working antivirus product and a properly working firewall are installed on the systems. Although this does not provide complete protection, it is a good start toward preventing a possible hack.
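The lure described above relies on a workbook that carries a VBA macro. A first defensive check a security team can run on an attachment before anyone opens it is to ask whether the file contains a VBA project at all. The script below is an added example written for this article; it is not code from Microsoft, Volexity or the DEV-0139 report. It handles both container formats Excel uses: the legacy OLE2 compound file (.xls, identified by its D0 CF 11 E0 header, whose directory entries are stored as UTF-16LE names such as `_VBA_PROJECT`) and the OOXML zip container (.xlsm/.xlsx, where macros live in `xl/vbaProject.bin`). The sample files it scans are constructed inline so the example runs offline; the function names are my own.

```python
import io
import zipfile
from typing import Dict, List

# Magic bytes of an OLE2 compound file (legacy .xls, .doc, ...).
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Magic bytes of a ZIP archive (OOXML: .xlsx, .xlsm, ...).
ZIP_MAGIC = b"PK\x03\x04"
# Storage/stream names a VBA project leaves in the OLE directory.
# Directory entry names are stored as UTF-16LE, so we search for that encoding.
OLE_VBA_NAMES = ("_VBA_PROJECT", "Macros", "VBA")


def scan_ole(data: bytes) -> List[str]:
    """Return indicators of an embedded VBA project in an OLE container."""
    hits = []
    for name in OLE_VBA_NAMES:
        if name.encode("utf-16le") in data:
            hits.append(f"OLE directory entry '{name}'")
    return hits


def scan_ooxml(data: bytes) -> List[str]:
    """Return indicators of an embedded VBA project in an OOXML (zip) container."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                # A macro-enabled workbook carries its VBA in xl/vbaProject.bin.
                if member.lower().endswith("vbaproject.bin"):
                    hits.append(f"zip member '{member}'")
    except zipfile.BadZipFile:
        # A file that claims to be a zip but is not deserves manual review;
        # report no VBA indicators rather than guessing.
        return []
    return hits


def triage(data: bytes) -> Dict[str, object]:
    """Classify the container and report whether it carries a VBA project."""
    if data.startswith(OLE_MAGIC):
        container, hits = "ole", scan_ole(data)
    elif data.startswith(ZIP_MAGIC):
        container, hits = "ooxml", scan_ooxml(data)
    else:
        container, hits = "unknown", []
    return {"container": container, "has_vba": bool(hits), "indicators": hits}


def build_sample_xls_with_macro() -> bytes:
    # Constructed stand-in for a macro-carrying legacy .xls: the real OLE header
    # magic, padding, then the UTF-16LE directory-entry name a VBA project uses.
    return OLE_MAGIC + b"\x00" * 504 + "_VBA_PROJECT".encode("utf-16le") + b"\x00" * 64


def build_sample_workbook(with_macro: bool) -> bytes:
    # Constructed minimal OOXML workbook; only the member names matter here.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (
        ("legacy .xls with VBA", build_sample_xls_with_macro()),
        ("macro-enabled .xlsm", build_sample_workbook(with_macro=True)),
        ("plain .xlsx", build_sample_workbook(with_macro=False)),
    ):
        print(label, "->", triage(blob))
```

This is a triage heuristic, not a parser: it answers "does this attachment carry a VBA project?" so that a macro-bearing ‘fee comparison’ sheet from an unsolicited chat contact is flagged before it is opened. For a full directory walk and macro extraction, a dedicated tool such as oletools’ olevba is the right next step; the check here simply decides whether that step is needed.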
The Lazarus Hack Group
The North Korean hacking group Lazarus is now seen as the mastermind behind the new campaign. Cybersecurity company Volexity noted that the state-sponsored group had previously deployed a variant of virtually the same malware.
Kaspersky Labs, known for its Kaspersky antivirus program, sounded the alarm about the use of that earlier variant in 2020. Lazarus has been linked to several damaging attacks in the digital asset industry, including the $625 million Axie Infinity hack and several attacks on Japanese crypto exchanges. It is not yet known how large this cyber attack is. Potentially, however, a great deal could be stolen.
