North Korean state-sponsored hackers have launched a new campaign called ‘Hidden Risk’, targeting cryptocurrency firms with malware disguised as legitimate documents. According to a report by SentinelLabs, the campaign is attributed to the BlueNoroff threat group, a subgroup of the notorious Lazarus Group known for stealing funds to finance the North Korean regime. The attack is aimed at the rapidly growing $2.6 trillion crypto industry, whose decentralized and loosely regulated environment makes it an attractive target. The FBI has recently warned employees of DeFi and ETF firms about increasing cyber threats from North Korean actors using social engineering. Unlike earlier operations that relied on prolonged grooming of targets over social media, the attackers now send phishing emails posing as crypto news updates to lure victims into downloading the malware. The malware evades Apple’s security controls by using forged Developer IDs, which lets it bypass the macOS Gatekeeper checks, and it persists across system restarts. SentinelLabs advises organizations to strengthen security measures on their macOS endpoints to mitigate these risks.