According to Microsoft, the threat organization DEV-0139 has targeted cryptocurrency investment firms. The businesses’ VIP clients reportedly communicated with each other using Telegram groups.
“Microsoft recently investigated an attack where the threat actor, tracked as DEV-0139, took advantage of Telegram chat groups to target cryptocurrency investment companies,” the company’s Security Threat Intelligence team said.
The team added:
DEV-0139 joined Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms and identified their target from among the members.
On October 19, the attackers, who had extensive knowledge of the cryptocurrency investment sector, invited at least one victim to another Telegram channel while impersonating officials of other crypto asset management companies. There, they requested comments on the fee structures of cryptocurrency exchange sites.
Once they had their targets’ confidence, the threat actors sent them an allegedly malicious Excel file named “OKX Binance & Huobi VIP fee comparision.xls”. The spreadsheet compared the VIP fee structures of several cryptocurrency exchange businesses, and the data was probably accurate to improve credibility.
After the victim opens the file and enables macros, a second worksheet is downloaded onto the victim’s computer. The malicious DLL is then extracted by parsing a PNG file. This is an XOR-encoded backdoor that is later sideloaded by a legitimate Windows application.
Because this DLL can decode and load the backdoor, the attackers gain remote access to the victim’s infected PC.
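For defenders triaging an image file pulled from a chain like this one, a quick check is whether the PNG carries bytes after its final chunk and whether those bytes decode to a Windows executable header. The Python below is an added example, not code from Microsoft’s report or from this article; it assumes a single-byte XOR key and a payload appended after the IEND chunk (the article specifies neither), and the sample file is constructed inline.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
DOS_STUB = b"This program cannot be run in DOS mode"  # text in most PE headers


def trailing_data(png: bytes) -> bytes:
    """Walk the PNG chunk list and return any bytes that follow IEND."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
        if ctype == b"IEND":
            return png[pos:]
    return b""  # no IEND reached: nothing identifiable as trailing data


def find_xor_pe(blob: bytes):
    """Try each single-byte XOR key (assumption); return (key, MZ offset) or None."""
    for key in range(256):  # key 0 means the PE image is not encoded at all
        hit = blob.find(bytes(b ^ key for b in DOS_STUB))
        if hit == -1:
            continue
        # The 'MZ' magic sits shortly before the DOS stub message.
        mz = blob.rfind(bytes(b ^ key for b in b"MZ"), max(0, hit - 0x100), hit)
        if mz != -1:
            return key, mz
    return None


def _chunk(ctype: bytes, data: bytes) -> bytes:
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_sample(key: int = 0x5A, with_payload: bool = True) -> bytes:
    """Constructed sample: 1x1 PNG, optionally followed by an encoded fake PE header."""
    png = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
           + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
    fake_pe = b"MZ" + b"\x00" * 0x4C + DOS_STUB  # header bytes only, not a real binary
    return png + bytes(b ^ key for b in fake_pe) if with_payload else png


if __name__ == "__main__":
    print(find_xor_pe(trailing_data(build_sample())))
```

A hit from `find_xor_pe` is a reason to pull the file for full analysis, not a verdict; multi-byte keys or payloads hidden inside image data will not be found by this check.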
“The main sheet in the Excel file is protected with the password dragon to encourage the target to enable the macros,” Microsoft explained.
As part of this campaign, DEV-0139 also sent a second payload, an MSI package for the CryptoDashboardV2 application. This implies that they are also responsible for other attacks that use the same method to push unique payloads.