Microsoft revealed that malicious entities are getting more sophisticated by the day. According to a new report, Telegram chat groups are being used to target cryptocurrency investment companies.
The tech giant identified a threat actor – DEV-0139 – who infiltrated Telegram groups posing as a representative of a crypto platform.
Targeted Attacks Against Crypto Companies
The post published by Microsoft’s Security Threat Intelligence team stated that the threat actor had significant knowledge of the crypto investment industry and, posing as representatives of other crypto asset management firms, invited at least one target to another Telegram group. The main goal was to engage the target in discussion of a relevant topic and so gain their trust.
The attackers then sent malware-laced Excel spreadsheets containing well-crafted information to appear legitimate. Once opened, the weaponized Excel file enables macros, and a second worksheet embedded in the file downloads and parses a PNG file to extract three components: a malicious DLL, an XOR-encoded backdoor, and a legitimate Windows executable that is later used to sideload the DLL, which in turn decrypts and loads the backdoor. The result is remote access for the threat actor to the target’s compromised system.
Microsoft could not retrieve the final payload from this intrusion, but it detected another variant of the attack and recovered that variant’s payload. The company’s findings also point to other campaigns that use the same techniques against crypto companies.
The report concluded:
“The cryptocurrency market remains a field of interest for threat actors. Targeted users are identified through trusted channels to increase the chance of success. While the biggest companies can be targeted, smaller companies can also be targets of interest.”
Crypto Scammers’ Landscape So Far
The crypto market remains a field of interest for threat actors who have now leaned towards more sophisticated attacks to increase the chance of success.
According to recent research conducted by cybersecurity and data privacy firm Privacy Affairs, the value of crypto siphoned by threat actors in the first 11 months of the year surged by 37% to $4.3 billion. Of the 11 biggest cryptocurrency scams committed in 2022, Privacy Affairs ranked the failure of FTX, Axie Infinity’s Ronin Network attack in March ($615 million), the Wormhole crypto bridge hack in February ($320 million) and the JuicyFields.io scam in July ($273 million) among the top five.
Rug pulls took a big share as more than 188,000 of them were recorded on various blockchains, including BNB and Ethereum.