North Korean hackers are using new techniques for crypto scams. Phishing emails that deliver malware are the latest addition to the long list of ways in which hackers in the DPRK have been stealing cryptocurrency.
Researchers at SentinelLabs have discovered that since July 2024, phishing emails that appear to offer useful information about the dangers associated with the increase in the price of Bitcoin have been sent to targeted victims in cryptocurrency-related industries.
How Do The Email and Malware Work?
The email tells the recipient to open a PDF file containing important information. To download the PDF, the recipient is instructed to click an “Open” button; doing so instead downloads a malicious macOS application bundle named “Hidden Risk Behind New Surge of Bitcoin Price.app”, which is disguised to look like a document.
The malware gives the attacker a foothold on the victim’s machine, from which sensitive information can be collected and the crypto theft carried out.
When the app is launched, it downloads and opens a decoy PDF containing a genuine research paper published earlier this year, so the victim sees what they expected. At the same time it silently downloads a malicious binary from a hard-coded URL and runs it.
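The two traits described above, an app bundle whose name reads like a document and a hard-coded download URL inside its executable, are both visible on disk before the bundle is ever launched. The following Python script is an added triage example (not SentinelLabs tooling and not the real malware): it walks a folder for `.app` bundles, reads each bundle’s `Info.plist` to locate the main executable, pulls any URL strings out of that executable, and flags bundles whose name looks like a document but whose binary talks to the network. The sample bundle it builds in a temporary directory, the `example.invalid` URLs and the `DOC_WORDS` keyword list are all constructed for the example.

```python
"""Triage macOS .app bundles that masquerade as documents.

Added example: constructs a sample bundle in a temp dir (not the real
malware), then inspects it the way a responder would inspect ~/Downloads.
"""
import plistlib
import re
import tempfile
from pathlib import Path
from typing import Iterator, List, Optional

# Matches http(s) URLs embedded as plain strings in a binary.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")

# Hypothetical heuristic list: words that make an app name read like a document.
DOC_WORDS = ("pdf", "report", "risk", "price", "invoice", "bitcoin")


def bundle_executable(app: Path) -> Optional[Path]:
    """Return the main executable named in Contents/Info.plist, if present."""
    plist = app / "Contents" / "Info.plist"
    if not plist.is_file():
        return None
    with plist.open("rb") as fh:
        info = plistlib.load(fh)
    name = info.get("CFBundleExecutable")
    if not name:
        return None
    exe = app / "Contents" / "MacOS" / name
    return exe if exe.is_file() else None


def hardcoded_urls(exe: Path) -> List[str]:
    """Extract unique URL strings from the raw executable bytes (like `strings | grep http`)."""
    data = exe.read_bytes()
    return sorted({m.decode("ascii", "replace") for m in URL_RE.findall(data)})


def looks_like_document(app: Path) -> bool:
    """Finder hides the .app suffix, so a document-like stem is the lure."""
    stem = app.stem.lower()
    return any(word in stem for word in DOC_WORDS)


def triage(app: Path) -> dict:
    """Summarise one bundle; 'suspicious' means document-like name plus embedded URLs."""
    exe = bundle_executable(app)
    urls = hardcoded_urls(exe) if exe else []
    doc_like = looks_like_document(app)
    return {
        "bundle": app.name,
        "executable": exe.name if exe else None,
        "urls": urls,
        "document_like_name": doc_like,
        "suspicious": doc_like and bool(urls),
    }


def find_bundles(root: Path) -> Iterator[Path]:
    """Yield every .app directory under root (e.g. ~/Downloads)."""
    for p in root.rglob("*.app"):
        if p.is_dir():
            yield p


def make_bundle(root: Path, name: str, exe_name: str, payload: bytes) -> Path:
    """Build a minimal bundle layout: Contents/Info.plist + Contents/MacOS/<exe>."""
    app = root / name
    (app / "Contents" / "MacOS").mkdir(parents=True)
    with (app / "Contents" / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleExecutable": exe_name,
                       "CFBundleIdentifier": f"com.example.{exe_name.lower()}"}, fh)
    exe = app / "Contents" / "MacOS" / exe_name
    exe.write_bytes(payload)
    exe.chmod(0o755)
    return app


def demo() -> List[dict]:
    """Construct one lure-shaped bundle and one benign bundle, then triage both."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed stand-in for the lure: a Mach-O-like header followed by
        # a second-stage URL, a decoy-PDF URL and the path of the `open` tool.
        lure = (b"\xcf\xfa\xed\xfe" + b"\x00" * 16
                + b"https://stage.example.invalid/payload\x00"
                + b"https://decoy.example.invalid/paper.pdf\x00"
                + b"/usr/bin/open\x00")
        make_bundle(root, "Hidden Risk Behind New Surge of Bitcoin Price.app", "HiddenRisk", lure)
        # Constructed benign bundle: ordinary name, no network strings.
        make_bundle(root, "Notes.app", "Notes", b"\xcf\xfa\xed\xfe" + b"\x00" * 32)
        return [triage(app) for app in sorted(find_bundles(root))]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a real Mac the same triage would be followed by `codesign -dv --verbose=4 "<bundle>"` and `spctl --assess --type execute "<bundle>"` to see whether the bundle is unsigned or ad-hoc signed and whether Gatekeeper would block it; neither check is included above because the script is meant to run anywhere.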
North Korea’s Crypto Scams See Increase In Last Decade
North Korea has carried out numerous crypto-related thefts over the past decade. In 2024 alone, 11 cryptocurrency thefts valued at $54.7 million have been attributed to DPRK IT workers, according to the United Nations.
Known officially as the Democratic People’s Republic of Korea (DPRK), North Korea has been subject to U.N. sanctions since 2006. Over time, the sanctions have been tightened in an effort to reduce funding for its nuclear and ballistic missile programs.
Because the country has been under sanctions for so long, stolen cryptocurrency and other virtual assets have become a way for it to fund its activities.
The US government recently filed two lawsuits to recover more than $2.67 million in digital assets stolen by the North Korean Lazarus Group.
North Korean hackers are estimated to have stolen $3 billion worth of cryptocurrency since 2017, using the proceeds to finance the regime’s missile and nuclear programs.
Microsoft has identified a number of new North Korean hacking groups that have been targeting cryptocurrency organizations since last year. These groups include Moonstone Sleet, Jade Sleet, Sapphire Sleet, and Citrine Sleet.
Microsoft specifically highlights Moonstone Sleet, which has created its own ransomware variant and used it against unnamed organizations in the defense and aerospace industries, pursuing both financial gain and intelligence collection.