North Korea’s BlueNoroff Group Reportedly Targeting Crypto Community Members on MacOS

The malware is triggered through suspicious emails, according to SentinelLabs.

Written by Radhika Parashar, Edited by Siddharth Suvarna | Updated: 8 November 2024 18:48 IST

North Korea’s BlueNoroff Group Reportedly Targeting Crypto Community Members on MacOS

Photo Credit: Unsplash/ Towfiqu Barbhuriya

Apple has yet to respond to the report

Highlights

The malicious campaign is reportedly called ‘Hidden Risk’
MacOS users said to receive malicious URLs in the form of emails
The FBI saw 45 percent rise in crypto frauds last year compared to 2022

Cybersecurity firm SentinelLabs has raised an alert over a significant threat targeting crypto community members using macOS. According to their findings, the North Korean group BlueNoroff is distributing fake crypto news to entice users into downloading a multi-storage malware infection onto their MacBook. Dubbed the "Hidden Risk" campaign, this attack has been circulating since early 2024. Once activated, the malware can phish victims, leading to potential financial losses.

The malware is triggered via suspicious mails, SentinelLabs said in its report. These emails feature fake crypto news that appears to have been sent from the identity of a legitimate influencer.

“The emails hijack the name of a real person in an unrelated industry as a sender and purport to be forwarding a message from a well-known crypto social media influencer,” the report said.

UBS Completes Pilot of Blockchain Solution for Tokenised Assets

If the target macOS user opens the malicious URL attached to the email it redirects users to a PDF with the ‘delphidigital[.]org' domain, which is reportedly controlled by the BlueNoroff groups.

“The full URL currently serves a benign form of the Bitcoin ETF document with titles that differ over time. However, at some point, this URL has or does switch to serving the first stage of a malicious application bundle entitled ‘Hidden Risk Behind New Surge of Bitcoin Price.app',” the report noted.

According to SentinelLabs, BlueNoroff has established a network of infrastructure focused on cryptocurrency interests, mimicking legitimate Web3 solutions. This enables the group to target individuals engaged in crypto, extracting their information for phishing attacks.

JPMorgan Rebrands Blockchain Unit from ‘Onyx’ to ‘Kinexys’: Details

So far, Apple has not responded to the findings published by the cybersecurity firm.

In September, the FBI reported that crypto consumers lost over $5.6 billion (roughly Rs. 47,029 crore) to cryptocurrency-related fraud in 2023, marking a 45 percent increase from 2022. The agency also noted a rise in crypto-focused hacks attributed to North Korea.

In October, crypto tracking firm Arkham Intelligence revealed that an unknown hacker had compromised a US government crypto wallet containing assets seized from the 2016 Bitfinex hack. Arkham reported that around $20 million (roughly Rs. 168 crore) had been stolen from the wallet.

Crypto community insiders have repeatedly warned individuals to avoid engaging with crypto-related content from unfamiliar or unverified sources.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Cryptocurrency, SentinelLabs, BlueNoroff, Crypto Community, MacBook, MacOS

Radhika Parashar

Email Radhika

Radhika Parashar is a senior correspondent for Gadgets 360. She has been reporting on tech and telecom for the last three years now and will be focussing on writing about all things crypto. Besides this, she is a major sitcom nerd and often replies in Chandler Bing and Michael Scott references. For tips or queries you could reach out to her at RadhikaP@ndtv.com. More