According to Microsoft, the threat organization DEV-0139 has targeted cryptocurrency investment firms. The businesses’ VIP clients reportedly communicated with each other using Telegram groups.
Microsoft recently investigated an attack in which the threat actor, tracked as DEV-0139, took advantage of Telegram chat groups to target cryptocurrency investment companies, according to the company's Security Threat Intelligence team. The team added:
DEV-0139 joined Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms and identified their target from among the members.
The attackers, who showed extensive knowledge of the cryptocurrency investment sector, invited at least one victim to another Telegram channel on October 19, posing as representatives of other crypto asset management companies. There, they asked for feedback on the fee structures of cryptocurrency exchange sites.
Once they had gained their targets' confidence, the threat actors sent them a file named "OKX Binance & Huobi VIP fee comparision.xls," allegedly a malicious Excel file. The spreadsheet contained tables comparing the VIP fee structures of several cryptocurrency exchanges; the data was probably accurate, which would have improved its credibility.
After the victim opens the file and enables macros, a second worksheet is downloaded onto the victim's computer. A malicious DLL is then extracted by parsing a PNG file: an XOR-encoded backdoor that is later sideloaded by a legitimate Windows application.
Because this DLL can decode and load the backdoor, the attackers gain remote access to the victim's infected PC.
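As an added defender-side example, not code from Microsoft's report or this article: a small Python triage script that validates a PNG's chunk structure and checks whether a single-byte-XOR-encoded PE image (such as the DLL described above) has been appended after the IEND chunk. The placement after IEND and the single-byte key are my assumptions about how such a payload is hidden, and the sample PNG with a fake PE stub is constructed inline.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_chunks(data: bytes):
    """Walk the chunk list (verifying CRCs) and return (chunk types, offset just past IEND)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos, chunks = len(PNG_SIG), []
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc, = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if crc != zlib.crc32(ctype + body):
            raise ValueError(f"bad CRC in {ctype!r} chunk")
        chunks.append(ctype)
        pos += 12 + length  # length field + type + data + CRC
        if ctype == b"IEND":
            return chunks, pos
    raise ValueError("truncated PNG: no IEND chunk")

def xor_key_for_pe(blob: bytes):
    """If blob is a single-byte-XOR-encoded PE image, return the key, else None."""
    if len(blob) < 0x44:
        return None
    key = blob[0] ^ 0x4D  # the only key that turns byte 0 into 'M'
    decoded = bytes(b ^ key for b in blob)
    e_lfanew, = struct.unpack("<I", decoded[0x3C:0x40])
    if decoded[:2] == b"MZ" and decoded[e_lfanew:e_lfanew + 4] == b"PE\0\0":
        return key
    return None

def triage_png(data: bytes) -> dict:
    """Report chunk layout, bytes trailing IEND, and any XOR-encoded PE found there."""
    chunks, end = png_chunks(data)
    trailing = data[end:]
    return {"chunks": chunks, "trailing_bytes": len(trailing),
            "xor_key": xor_key_for_pe(trailing)}

def _chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def build_sample(with_payload: bool) -> bytes:
    """Constructed input: a 1x1 PNG, optionally with a fake XOR(0x77)-encoded PE stub appended."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    png = PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IEND", b"")
    if with_payload:
        stub = bytearray(0x48)  # not a real binary, only the header bytes a loader checks
        stub[0:2], stub[0x3C:0x40], stub[0x40:0x44] = b"MZ", struct.pack("<I", 0x40), b"PE\0\0"
        png += bytes(b ^ 0x77 for b in stub)
    return png
```

A real hunt would run `triage_png` over image files dropped alongside Office documents and alert on any non-zero `trailing_bytes`, treating a recovered key as high-confidence evidence of an embedded payload.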
The main sheet in the Excel file is protected with the password "dragon" to encourage the target to enable the macros, Microsoft explained.
As part of this campaign, DEV-0139 also delivered a second payload, an MSI package for the CryptoDashboardV2 application. This implies that the group is also behind other attacks that use the same method to push different payloads.