North Korea’s BlueNoroff Targets Crypto Users on macOS: Report
Cybersecurity firm SentinelLabs has warned of a significant threat targeting members of the crypto community who use macOS. According to its findings, the North Korean group BlueNoroff is spreading fake crypto news to trick users into downloading a multi-stage malware infection onto their Macs. Dubbed the ‘Hidden Risk’ campaign, the attack has been circulating since early 2024. Once activated, the malware lets the attackers phish victims, leading to potential financial losses.
The malware is delivered via phishing emails, SentinelLabs said in its report. These emails contain fake crypto news that appears to come from a legitimate influencer.
“The emails hijack the name of a real person in an unrelated industry as the sender and claim to forward a message from a well-known crypto social media influencer,” the report said.
If the targeted macOS user opens the malicious link in the email, it leads to a PDF hosted on the ‘delphidigital[.]org’ domain, which is reportedly controlled by the BlueNoroff group.
“The full URL currently serves a benign form of the Bitcoin ETF document with titles varying over time. However, at some point this URL was switched to the first phase of a malicious application bundle titled ‘Hidden Risk Behind New Surge of Bitcoin Price.app’,” the report said.
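The delivery step described above, a link that serves a harmless PDF until the attackers swap it for an application bundle, is the reason the link text and the claimed file extension cannot be trusted. As an added example that is not part of the SentinelLabs report or this article, the following Python code classifies a download by its leading bytes and, when the file is really a zip archive, lists any .app bundles packed inside it. The sample PDF bytes and the zip archive are constructed for this example (only the bundle name is taken from the report), and the function names are assumptions of the example rather than any tool's API.

```python
"""Sniff the real type of a 'PDF' download by its leading bytes.

Added example for this article; not code from SentinelLabs or the
Hidden Risk report. Sample inputs below are constructed.
"""
from __future__ import annotations

import io
import zipfile

# Leading-byte signatures. A macOS .app bundle is a directory, so a lure
# has to ship it inside an archive (zip here); a bare executable shows up
# under one of the Mach-O magics.
SIGNATURES = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",               # zip archive (how a .app travels)
    b"\xcf\xfa\xed\xfe": "mach-o",      # 64-bit Mach-O, little-endian
    b"\xce\xfa\xed\xfe": "mach-o",      # 32-bit Mach-O, little-endian
    b"\xca\xfe\xba\xbe": "mach-o-fat",  # universal (fat) binary
}


def sniff_type(data: bytes) -> str:
    """Return the type implied by the first bytes, or 'unknown'."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def bundled_apps(data: bytes) -> list[str]:
    """Names of .app bundles inside a zip archive (empty if not a zip)."""
    if sniff_type(data) != "zip":
        return []
    apps: set[str] = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            for part in name.split("/"):
                if part.endswith(".app"):
                    apps.add(part)
                    break
    return sorted(apps)


def check_download(filename: str, data: bytes) -> dict:
    """Compare what the file name claims with what the bytes actually are."""
    claimed = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff_type(data)
    apps = bundled_apps(data)
    return {
        "claimed": claimed,
        "actual": actual,
        "app_bundles": apps,
        # Only open as a PDF when the name, the bytes and the absence of
        # any embedded bundle all agree.
        "safe_to_open_as_pdf": claimed == "pdf" and actual == "pdf" and not apps,
    }


# Constructed sample: a minimal benign PDF header.
BENIGN_PDF = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"


def _make_app_zip() -> bytes:
    """Constructed sample: a zip carrying a fake .app with a Mach-O stub."""
    app = "Hidden Risk Behind New Surge of Bitcoin Price.app"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(f"{app}/Contents/Info.plist", "<plist/>")
        zf.writestr(f"{app}/Contents/MacOS/main", b"\xcf\xfa\xed\xfe" + b"\0" * 28)
    return buf.getvalue()


LURE_ZIP = _make_app_zip()

if __name__ == "__main__":
    # Same link name, two different payloads: the first is a PDF, the
    # second is the swapped-in application bundle.
    for name, data in [("bitcoin_etf.pdf", BENIGN_PDF), ("bitcoin_etf.pdf", LURE_ZIP)]:
        print(name, check_download(name, data))
```

The check is deliberately independent of the download's URL or extension: it reads the bytes you actually received, which is the only thing the attacker cannot rename.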
According to SentinelLabs, BlueNoroff has built a network of infrastructure themed around cryptocurrency interests that mimics legitimate Web3 services. This lets the group target individuals involved in cryptocurrency and harvest their information for phishing attacks.
So far, Apple has not commented on the findings published by the cybersecurity company.
In September, the FBI reported that crypto consumers lost more than $5.6 billion (approximately Rs. 47,029 crore) to cryptocurrency-related fraud in 2023, marking a 45 percent increase from 2022. The agency also noted a rise in crypto-targeted hacks attributed to North Korea.
In October, crypto-tracking firm Arkham Intelligence revealed that an unknown hacker had compromised a US government crypto wallet holding assets seized in the 2016 Bitfinex hack. Arkham reported that around $20 million (approximately Rs. 168 crore) was stolen from the wallet.
Crypto community insiders have repeatedly warned individuals not to engage with crypto-related content from unknown or unverified sources.