Crypto scammers are getting more creative, Microsoft warns of new threats

Microsoft revealed that malicious entities are getting more sophisticated every day. According to a new report, Telegram chat groups are being used to target cryptocurrency investment firms.

The tech giant identified a threat actor – DEV-0139 – infiltrating Telegram groups posing as representatives of a crypto platform.

Targeted attacks against crypto companies

The post, published by Microsoft’s Security Threat Intelligence team, said the threat actors had significant knowledge of the crypto investment industry and, posing as representatives of other crypto asset management firms, invited at least one target to another Telegram group. The main goal is to engage the target in a discussion of a relevant topic in order to gain that person’s trust.

The attackers sent them malware-laced Excel spreadsheets that contain well-crafted information to appear legitimate. Once opened, the weaponized Excel file enables macros, and a second spreadsheet embedded in the file downloads and parses a PNG file to extract a malicious DLL, an XOR-encoded backdoor, and a legitimate Windows executable, which is later used to sideload the DLL. The DLL then decrypts and loads the backdoor. This essentially gives the attacker remote access to the target’s compromised system.
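For defenders triaging image files pulled from such a document, the following added example (not code from Microsoft's report or this article) walks a PNG's chunks, checks their CRCs, measures data left after the IEND chunk, and searches the file for Windows PE headers, plain or XOR-encoded. The article does not say how the files were stored in the PNG or how long the XOR key was, so the single-byte key and the function names are assumptions made for illustration.

```python
import struct, zlib
PNG_SIG = b"\x89PNG\r\n\x1a\n"

def walk_png(data):
    """Return ([(type, body, crc_ok)], bytes found after the IEND chunk)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos, chunks = len(PNG_SIG), []
    while pos + 12 <= len(data):
        length, ctype = struct.unpack_from(">I4s", data, pos)
        end = pos + 8 + length
        if end + 4 > len(data):
            break  # truncated chunk; the remainder is reported as trailing data
        body = data[pos + 8:end]
        crc_ok = zlib.crc32(ctype + body) == struct.unpack_from(">I", data, end)[0]
        chunks.append((ctype.decode("latin-1"), body, crc_ok))
        pos = end + 4
        if ctype == b"IEND":
            break
    return chunks, data[pos:]

def find_pe(blob):
    """[(offset, key)] of PE headers in blob, plain (key 0) or single-byte XOR (assumed)."""
    hits = []
    for key in range(256):
        mz, start = bytes([0x4D ^ key, 0x5A ^ key]), 0
        while (start := blob.find(mz, start)) != -1:
            win = bytes(b ^ key for b in blob[start:start + 0x400])
            off = struct.unpack_from("<I", win, 0x3C)[0] if len(win) >= 0x40 else -1
            if off >= 0 and win[off:off + 4] == b"PE\0\0":  # e_lfanew -> PE signature
                hits.append((start, key))
            start += 1
    return hits

def scan(data):
    """Report CRC failures, bytes after IEND, and PE headers anywhere in the file."""
    chunks, trailing = walk_png(data)
    return {"bad_crc": [t for t, _, ok in chunks if not ok],
            "trailing_bytes": len(trailing),
            "pe_hits": find_pe(data)}

def chunk(ctype, body):  # serialize one chunk: length, type, data, CRC-32
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed sample: a 1x1 PNG followed by an inert MZ/PE header stub XORed with 0x5A.
STUB = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
SAMPLE = (PNG_SIG + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
          + chunk(b"IDAT", zlib.compress(b"\0\0")) + chunk(b"IEND", b"")
          + bytes(b ^ 0x5A for b in STUB))
```

Payloads hidden inside compressed IDAT pixel data are not covered by this check; it only sees bytes stored verbatim in the file.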

Microsoft was unable to retrieve the final payload, but detected another variant of this attack and retrieved the payload. The company’s findings highlighted the existence of other campaigns using the same techniques to target crypto companies.

The report concluded:

“The cryptocurrency market remains an area of interest for threat actors. Targeted users are identified through trusted channels to increase the chances of success. While the largest companies can be targeted, smaller companies can also be interesting targets.”

The previous landscape of crypto scammers

The crypto market remains an area of interest for threat actors, who are now leaning towards more sophisticated attacks to increase the chances of success.

According to a recent study by cybersecurity and privacy firm Privacy Affairs, the value of crypto mined by threat actors has increased by 37% to $4.3 billion in the first 11 months of the year. Of the 11 biggest cryptocurrency scams committed in 2022, Privacy Affairs claimed that the top 5 included the FTX failure, Axie Infinity’s Ronin Network attack in March ($615 million), the Wormhole crypto bridge hack in February ($320 million), and the JuicyFields.io scam in July ($273 million), among others.

Rug pulls took a large share as more than 188,000 of them were recorded on various blockchains including BNB and Ethereum.
