Gearrice
Beware of this Excel file that launches macros to empty your wallet of cryptos

By Elizabeth George, 05/12/2022, 2 mins read
The Lazarus Group strikes again. It targets cryptocurrency users on Windows PCs and empties their wallets.
Credits: Pixabay

The North Korean hacking group Lazarus has struck again. According to a report published by Volexity, it has launched a campaign targeting cryptocurrency users and organizations with a new variant of the AppleJeus malware. The attackers use a cryptocurrency-themed website whose content is copied from a legitimate site. Visitors to this fake site are tricked into downloading an application which in fact drops a DLL; that DLL in turn installs AppleJeus on the victim's Windows PC, after which the malware connects to the Internet and steals their cryptocurrency. AppleJeus itself is well known to security researchers: it has been on their radar since 2018. The version used in this campaign, however, is different.


The phishing campaign launched by Lazarus Group reportedly started in June 2022 and ran for several months. The hackers reportedly used the "BloxHolder" domain, which copies content from the HaasOnline cryptocurrency trading platform. The fake site claimed to distribute a legitimate application called QTBitcoinTrader; in reality, the installer was trojanized. The criminals then changed their approach: rather than offering a trojanized installer, they placed their malware in an Excel file called "OKX Binance & Huobi VIP fee comparision.xls" (sic). The spreadsheet contained a macro that created three files on the victim's computer.
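The lure in this campaign is a legacy .xls workbook carrying a VBA macro. A first triage step, before anything is opened in Excel, is to check whether a file is an OLE2 compound document at all and whether it carries a VBA project storage. The script below is an added example written for this article, not code from the original page or from Volexity; it uses only the Python standard library, scans the raw bytes for OLE2 directory entries whose names mark a VBA project ("_VBA_PROJECT_CUR", "VBA", "dir", "_VBA_PROJECT"), and builds its own constructed sample files so it runs offline. It is a heuristic for quick sorting, not a substitute for extracting and reading the macro source with a tool such as oletools' olevba.

```python
"""Offline triage of a legacy .xls (OLE2 compound file) for an embedded VBA project.

Added example, not code from the article or from Volexity. It reads only the raw
bytes: it checks the OLE2 magic and scans for directory entries whose names mark
a VBA project. Directory entries are 128 bytes long and, in the common 512-byte
sector layout, sit at 128-byte-aligned offsets after the header, so a linear
scan finds them without walking the FAT. Heuristic: a packed or damaged file
may hide entries; a hit means "inspect the macros", not "this is malware".
"""
import struct

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Storage/stream names Excel 97-2003 uses for a VBA project.
VBA_MARKERS = {"_VBA_PROJECT_CUR", "VBA", "dir", "_VBA_PROJECT", "Macros"}
ENTRY_SIZE = 128
HEADER_SIZE = 512


def is_ole2(data: bytes) -> bool:
    """True if the file starts with the compound-file signature."""
    return data[:8] == OLE2_MAGIC


def directory_names(data: bytes) -> list:
    """Scan for plausible OLE2 directory entries and return their names.

    An entry holds a UTF-16LE name (bytes 0-63), the name length in bytes
    including the terminator (uint16 at 64) and an object type at 66
    (1 storage, 2 stream, 5 root). Anything that does not fit is skipped.
    """
    names = []
    for off in range(HEADER_SIZE, len(data) - ENTRY_SIZE + 1, ENTRY_SIZE):
        entry = data[off:off + ENTRY_SIZE]
        (name_len,) = struct.unpack_from("<H", entry, 64)
        obj_type = entry[66]
        if obj_type not in (1, 2, 5) or name_len < 4 or name_len > 64 or name_len % 2:
            continue
        if entry[name_len - 2:name_len] != b"\x00\x00":
            continue  # name must be null-terminated
        try:
            name = entry[:name_len - 2].decode("utf-16-le")
        except UnicodeDecodeError:
            continue
        if name and name.isprintable():
            names.append(name)
    return names


def triage_xls(data: bytes) -> dict:
    """Classify a blob as non-OLE2, OLE2 without VBA, or OLE2 with a VBA project."""
    if not is_ole2(data):
        return {"ole2": False, "has_vba": False, "entries": [], "verdict": "not an OLE2 file"}
    names = directory_names(data)
    hits = sorted(n for n in names if n in VBA_MARKERS)
    verdict = "VBA project present: inspect macros before opening" if hits else "no VBA project found"
    return {"ole2": True, "has_vba": bool(hits), "entries": names, "verdict": verdict}


def _entry(name: str, obj_type: int) -> bytes:
    """Build one 128-byte directory entry (constructed sample data)."""
    raw = name.encode("utf-16-le") + b"\x00\x00"
    entry = bytearray(ENTRY_SIZE)
    entry[:len(raw)] = raw
    struct.pack_into("<H", entry, 64, len(raw))
    entry[66] = obj_type
    return bytes(entry)


def build_sample(with_vba: bool) -> bytes:
    """Constructed minimal OLE2-shaped file: header plus directory entries.

    Not a real workbook; just enough structure for the scanner above.
    """
    header = OLE2_MAGIC + bytes(HEADER_SIZE - len(OLE2_MAGIC))
    entries = [_entry("Root Entry", 5), _entry("Workbook", 2)]
    if with_vba:
        entries += [_entry("_VBA_PROJECT_CUR", 1), _entry("VBA", 1),
                    _entry("dir", 2), _entry("_VBA_PROJECT", 2)]
    body = b"".join(entries)
    body += bytes((-len(body)) % 512)  # pad to a sector boundary
    return header + body


if __name__ == "__main__":
    for label, blob in (("clean", build_sample(False)), ("macro", build_sample(True))):
        print(label, triage_xls(blob)["verdict"])
```

To use it on a real file, pass `open(path, "rb").read()` to `triage_xls`. The scan deliberately ignores the FAT, so it also surfaces orphaned entries left behind by editing; on a hit, the next step is to pull the macro source out and read it rather than trust the spreadsheet's look.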

The malware is installed through a macro in a Microsoft Excel file

Once installed, the malware collects the MAC address of the infected machine, the computer name and the operating-system version, and sends them to a command-and-control server. According to the researchers, the novelty of the technique lies in how the malicious DLLs are loaded: they are side-loaded by a legitimate application that Windows trusts, which makes it harder for antivirus software to spot their malicious activity.

Lazarus Group has made headlines before, notably in 2017 with the WannaCry ransomware, which crippled hundreds of thousands of PCs. It is also accused of the biggest cryptocurrency theft of all time. Washington is offering a reward of up to $5 million for information that helps disrupt its activities.

Source: Bleeping Computer

© 2023 Gearrice.