Researchers have discovered a state-sponsored APT group known as BlueNoroff targeting cryptocurrency startups with phoney MetaMask browser extensions in a cyberattack operation called SnatchCrypto.
According to researchers, SnatchCrypto concentrates on multiple crypto startups that work with smart contracts and cryptocurrencies, blockchain, and the fintech industry.
Based on reports, such startups commonly receive files or letters from unfamiliar sources, for example venture companies sending them contracts or other business documents.
Moreover, the campaign targeted employees of cryptocurrency-related companies, who were sent Windows malware with spying capabilities. The malware impersonates a contract or another business document in order to steal from the target's crypto wallet.
Approximately 15 venture companies and their employees have been exploited in the SnatchCrypto attack, in which the cybercriminals used a tampered, malicious MetaMask extension.
BlueNoroff operates a complex infrastructure that includes numerous exploits and malware payloads, targeting more than ten countries worldwide.
Based on recent findings, the countries that BlueNoroff most heavily targets are the USA, the UAE, the Czech Republic, China, Hong Kong, Ukraine, Vietnam, Russia, Slovenia, Singapore, Poland, and India.
As stated, the threat actors deliver to startup workers a Windows backdoor that impersonates a contract or another business file. If the target opens the malicious file on a system connected to the internet, another macro-enabled file is downloaded to spread the malware. This stage sends essential system information to the threat actors, deploys a PowerShell agent, and establishes a backdoor.
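The infection chain described above (a business document, a downloaded macro-enabled file, then a PowerShell agent) leaves a recognisable trace in endpoint process-creation telemetry: an Office application spawning a script host, often with a download or encoded command on the command line. The following detection logic is an added example written for this article and is not code from the researchers or from the campaign; the log lines, the `ParentImage`/`Image`/`CommandLine` record layout, and the list of Office binaries are constructed assumptions, not data from the page.

```python
"""Added example (not from the original article): flag process-creation events that
match the SnatchCrypto-style chain, an Office document leading to a PowerShell agent.
All sample log lines below are constructed, not real telemetry."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed Office binaries that open business documents (assumption, not from the article)
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Script hosts that are suspicious when spawned by an Office application
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Macro-enabled Office file extensions
MACRO_EXTS = (".docm", ".xlsm", ".pptm", ".dotm")
# Command-line fragments typical of a download cradle or hidden encoded command
CRADLE_RE = re.compile(
    r"(?i)-enc(?:odedcommand)?\b|downloadstring|downloadfile|invoke-webrequest|\biwr\b"
)


@dataclass
class ProcEvent:
    parent: str    # basename of the parent process image, lower-cased
    image: str     # basename of the created process image, lower-cased
    cmdline: str   # full command line as logged


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def parse_event(line: str) -> Optional[ProcEvent]:
    """Parse one constructed key="value" process-creation record; None if malformed."""
    fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
    if not {"ParentImage", "Image", "CommandLine"} <= fields.keys():
        return None
    return ProcEvent(_basename(fields["ParentImage"]),
                     _basename(fields["Image"]),
                     fields["CommandLine"])


def classify(ev: ProcEvent) -> List[str]:
    """Return the list of reasons an event is suspicious (empty if benign)."""
    reasons = []
    if ev.parent in OFFICE_APPS and ev.image in SCRIPT_HOSTS:
        reasons.append("office-spawns-script-host")
    if ev.image in SCRIPT_HOSTS and CRADLE_RE.search(ev.cmdline):
        reasons.append("download-cradle-or-encoded-command")
    if ev.image in OFFICE_APPS and ev.cmdline.lower().endswith(MACRO_EXTS):
        reasons.append("office-opens-macro-enabled-document")
    return reasons


def scan(lines) -> List[Tuple[int, List[str]]]:
    """Run the classifier over a log; return (line index, reasons) for each hit."""
    hits = []
    for idx, line in enumerate(lines):
        ev = parse_event(line)
        if ev is None:
            continue
        reasons = classify(ev)
        if reasons:
            hits.append((idx, reasons))
    return hits


# Constructed sample telemetry (paths and names are placeholders, not real IoCs)
SAMPLE_LOG = [
    r'ParentImage="C:\Windows\explorer.exe" Image="C:\Office\WINWORD.EXE" '
    r'CommandLine="WINWORD.EXE /n C:\Users\a\Downloads\Contract_Draft.docm"',
    r'ParentImage="C:\Office\WINWORD.EXE" Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" '
    r'CommandLine="powershell.exe -nop -w hidden -EncodedCommand BASE64PLACEHOLDER"',
    r'ParentImage="C:\Windows\explorer.exe" Image="C:\Windows\System32\notepad.exe" '
    r'CommandLine="notepad.exe notes.txt"',
    r'ParentImage="C:\Windows\System32\cmd.exe" Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" '
    r'CommandLine="powershell.exe Get-Date"',
]

if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_LOG):
        print(f"line {idx}: {', '.join(reasons)}")
```

The first sample line is only informational (an Office application opening a macro-enabled document), while the second combines two signals, an Office parent and a hidden encoded PowerShell command, and is the one an analyst would escalate. An interactive `powershell.exe Get-Date` launched from `cmd.exe` is deliberately left unflagged to keep the rule from firing on ordinary administration.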
BlueNoroff also deploys additional spying tools against its victims, such as screenshot capturers and keyloggers. With these, the attackers can identify a target and illegally use the stolen information to take cryptocurrency.
Attacks on cryptocurrency entities are increasing as attackers formulate and develop new strategies to bait their targets. Cryptocurrency firms, especially newcomers, are advised to train their workers to be more vigilant with emails and sensitive data.
Experts recommend that everyone utilise threat intelligence that enables threat detection, investigation, and mitigation.