Quote:The cryptocurrency market has grown considerably in recent years, although not in recent months admittedly, and in the process has attracted a wide variety of phishing scams and scammers targeting crypto enthusiasts. It now looks as though there is a new type of scam that is targeting the crypto industry.



Overview of the threatThe Microsoft Security Threat Intelligence team has published a new report outlining the details of a new threat to cryptocurrency investment companies that is targeting them via Telegram. Microsoft is referring to the new threat actor as DEV-0139. The says:

“DEV-0139 joined Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms and identified their target from among the members. The threat actor posed as representatives of another cryptocurrency investment company, and in October 2022 invited the target to a different chat group and pretended to ask for feedback on the fee structure used by cryptocurrency exchange platforms.”

This marks an escalation of the common phishing-type scams that see malicious actors trying to trick unsuspecting victims into clicking links to infected sites or downloading malicious files. In this instance, through exhibiting a broader knowledge of the crypto industry, DEV-0139 has been able to gain the trust of representatives from crypto investment companies and trick them into acting against their own interests.

Once contact has been established and trust gained, DEV-0139 pushes victims to download a “weaponized Excel file” called OKX Binance & Huobi VIP fee comparision.xls. Although this file does contain information and tables that look reputable, it also initiates a string of events that lead to the opening of backdoors that give DEV-0139 remote access to the machine.

Microsoft has not attributed this attack to any specific actor or group, instead focusing on the identifier DEV-0139. However, according to a report by BleepingComputer, threat intelligence firm Volexity has published similar findings to Microsoft and connects the threat actor to the North Korean Lazarus Threat Group. The report goes on to say that this group is also thought to be responsible for other big attacks such as the WannaCry ransomware attack of 2017.

This story highlights just how important it is to be careful when interacting online and when clicking links or downloading files. Phishing scams are becoming increasingly prevalent and dangerous, which is why we recommend familiarising yourselves with the tell-tale signs of phishing scams as shown in this infographic looking at scam emails and correspondences.
...