North Korean hacker BlueNoroff targets crypto firms with new malware


From cointelegraph by Vince Quill

NEWSCOINTELEGRAPH IN YOUR SOCIAL FEEDFollow ourSubscribe on

BlueNoroff, the notorious North Korean hacking group behind a series of phishing and cybersecurity attacks since 2019, is now targeting cryptocurrency firms with a new malware designed specifically to infiltrate Apple’s macOS.

According to a report from SentinelLabs, the malware operation nicknamed “Hidden Risk” is spread through PDF files in multiple stages. The threat actors use fake news headlines and legitimate crypto market research to lure in unsuspecting individuals and companies.

Once the user downloads the PDF file, a seemingly legitimate decoy PDF is downloaded and opened, while the malware downloads as a separate file on the macOS desktop in the background.

This malware package contains a number of functions designed to give the hackers a backdoor to remotely access a victim’s computer to steal sensitive information, including private keys for digital asset wallets and platforms.

A map of the BlueNoroff exploit. Source: SentinelLabs

Related: Lazarus Group exploited Chrome vulnerability with fake NFT game

FBI issues warning about North Korean hackers

The United States Federal Bureau of Investigation (FBI) has issued several warnings about BlueNoroff, the broader Lazarus hacking group, and other malicious actors with ties to the North Korean regime over the past several years.

In April 2022, the law enforcement agency and the Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm and advised crypto firms to take precautionary steps to mitigate the risks posed by the state-sanctioned hacking groups.

Following the warning, BlueNoroff initiated another phishing campaign in December 2022 targeting companies and banks. The threat actors created more than 70 fraudulent domain names designed to disguise the hackers as legitimate venture capital firms to gain access to the target victim’s computers and steal funds.