North Korean state-sponsored advanced persistent threat (APT) groups such as Lazarus, APT38, BlueNoroff, and Stardust Chollima have been targeting a variety of organisations in the blockchain technology and cryptocurrency industry, according to a joint security advisory issued by the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency (CISA) and US Treasury Department.

“The activity described in this advisory involves social engineering of victims using a variety of communication platforms to encourage individuals to download trojanized cryptocurrency applications on Windows or macOS operating systems. The cyber actors then use the applications to gain access to the victim’s computer, propagate malware across the victim’s network environment, and steal private keys or exploit other security gaps,” the advisory said.

Crypto-related frauds are also becoming more prevalent in India, such as the Morris Coin case, in which people were defrauded of Rs 1,200 crores.

What are 'trojanized' crypto apps capable of?

“The Lazarus Group used AppleJeus trojanized cryptocurrency applications targeting individuals and companies—including cryptocurrency exchanges and financial services companies—through the dissemination of cryptocurrency trading applications that were modified to include malware that facilitates theft of cryptocurrency,” said the advisory.

Spear phishing tactics:

“Intrusions begin with a large number of spearphishing messages sent to employees of cryptocurrency companies—often working in system administration or software development/IT operations (DevOps)—on a variety of communication platforms. The messages often mimic a recruitment effort and offer high-paying jobs to entice the recipients to download malware-laced cryptocurrency applications, which the U.S. government refers to as ‘TraderTraitor,’” the advisory said.

What is TraderTraitor?

The advisory described…
