The co-founder of deBridge Finance accused Lazarus Group of being the culprit in this cross-banana protocol attack through an email containing a malicious file.
The notorious hacking organization, backed by North Korea, Lazarus group has been identified as the perpetrator of a cyber attack against deBridge Finance. Cross-chain protocol co-founder and project lead, Alex Smirnov, alleges that the attack vector was through an email, in which several team members received a PDF file titled “New Salary Adjustment” from a fake address that copies the CEO’s address.
While deBridge Finance tries to prevent the phishing attack, Smirnov warns that the fraud campaign is likely to broadly target Web3-focused platforms.
According to a long Twitter thread by moderators, most team members immediately flagged the email as suspicious, but one person downloaded and opened the file. This helped them investigate the attack vector and understand its consequences.
Smirnov further explains that macOS users are safe, as opening the link on a Mac will result in a zip archive with the normal PDF file Adjustments.pdf. On the other hand, the Windows system is not immune to dangers. Instead, Windows users will be redirected to an archive with a suspicious password-protected pdf file with the same name and an additional file named Password.txt.lnk.
The text file will basically infect the system. Therefore, the lack of anti-virus software will help the malicious file to enter the machine and will be saved in the autostart folder, after which a simple script will start sending repeated requests to communicate with the attacker to receive instructions.
“The attack vector is as follows: user opens a link from email -> downloads & opens archive -> tries to open PDF, but PDF asks for a password -> user opens password.txt.lnk and infects the whole system.”
The co-founder then urged the firms and their employees to never open email attachments without verifying the sender’s full email address and to have an internal protocol for how teams share attachments.
“Please stay SAFU and share this thread to let everyone know about potential attacks.”
It can be seen that cross-chain protocols have always been the main target of this criminal organization. This latest attack has almost the same implementation method as previous attacks done by this organization.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join CoinCu Telegram to keep track of news: https://t.me/coincunews
Follow CoinCu Youtube Channel | Follow CoinCu Facebook page
Foxy
CoinCu News
Discover why Qubetics, Solana, and Cardano are redefining the crypto landscape. Learn about milestones, price…
Discover why Qubetics, NEAR Protocol, and Immutable X are the best altcoins to join today,…
BTFD Coin is offering a chance to relive the glory days of meme coin investing,…
Explore key takeaways from BlockDAG’s AMA, showcasing strides in scalability, growth of the ecosystem, and…
Discover why Qubetics, Polkadot, and Cosmos are the best cryptos with 1000X potential, offering innovation,…
Explore the best coins to buy in December 2024—Qubetics with its thrilling presale, Polkadot’s interoperability,…
This website uses cookies.