Hacker Group BlueNoroff Attacks Crypto Firms Using MacOS Devices Since 2023

Key Points:

• North Korean hacker group BlueNoroff is using a new malware campaign targeting MacOS devices.
• The campaign, dubbed “Hidden Risk,” has been active since April 2023, with the group leveraging malicious email lures and decoy PDFs to gain remote access to victims’ systems.

North Korean hacker group BlueNoroff has been targeting cryptocurrency firms with a new malware campaign. Notably, this also includes the exploitation of MacOS vulnerabilities.

Read more: North Korean Hackers Steal Millions Crypto By Faking Japanese Venture Capitalists And Banks 

Hacker Group BlueNoroff Targets MacOS Crypto Firms with New Malware Campaign

The malware is delivered through phishing emails via links to fake PDF documents many times on crypto news. When opened, the decoy PDF seems to be genuine, but in the background, malware is going to be downloaded, giving the hacker remote access to the system of the victim, through which the sensitive data including the private keys of digital wallets can be stolen.

The attack in October this year was attributed to a spate of such phishing incidents starting from April 2023 by cybersecurity firm SentinelOne. Researchers from the company uncovered the “Hidden Risk” campaign that involved headlines like “Hidden Risk Behind New Surge of Bitcoin Price” and “New Era for Stablecoins and DeFi.”

FBI and CISA Warn Crypto Industry About North Korean Hacking Threat

Hacker group BlueNoroff has targeted cryptocurrency-related businesses for a long time. The U.S. Department of the Treasury recently linked BlueNoroff to Lazarus, which allegedly has carried out several high-profile cyberattacks.

The FBI and CISA have warned of ongoing threats to the crypto industry from North Korean hacking groups. In December 2022, BlueNoroff amped up operations, registering at least 70 fake domain names masquerading as legitimate firms in attempts to breach victim computers and further extort money from its targets.