North Korean state-sponsored hackers expanded their arsenal, launching a new campaign dubbed ‘Hidden Risk’ that seeks to infiltrate crypto firms through malware disguised as legitimate documents.

In a Thursday report, hack research firm SentinelLabs connected the latest campaign to the notorious BlueNoroff threat actor, a subgroup of the infamous Lazarus Group, known for siphoning off millions to fund North Korea's nuclear and weapons programs.

The series of attacks is a calculated effort to extract funds from the fast-growing $2.6 trillion crypto industry, taking advantage of its decentralized and often under-regulated environment. 

The FBI recently issued warnings about North Korean cyber actors increasingly targeting employees of DeFi and ETF firms through tailored social engineering campaigns. 

The hackers’ latest campaign appears to be an extension of those efforts, focusing on breaching crypto exchanges and financial platforms.

Instead of their usual strategy of grooming social media victims, the hackers rely on phishing emails that appear as crypto news alerts, which began cropping up in July, according to the report.

Social media grooming typically refers to an elaborate strategy where cybercriminals build trust with targets over time by engaging with them on platforms like LinkedIn or Twitter. 

The emails, disguised as updates on Bitcoin (BTC) prices or the latest trends in decentralized finance (DeFi), lure victims into clicking on links that appear to lead to legitimate PDF documents, per the report.

But rather than opening a harmless file, unsuspecting users inadvertently download a malicious application onto their Macs.

The report found the new malware more concerning because it cleverly bypasses Apple’s built-in security protections. The hackers get their software signed with legitimate Apple Developer IDs, allowing it to evade macOS’s Gatekeeper system. 

Once installed, the malware uses hidden system files to stay undetected, even after the computer is restarted, and it communicates with remote servers controlled by the hackers.

The SentinelLabs report advises macOS users, particularly within organizations, to tighten their security measures and heighten their awareness of possible risks.

Edited by Sebastian Sinclair

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。