ADVERTISEMENT
TechEconomy
Thursday, May 15, 2025
No Result
View All Result
Advertisement
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
      • Accessories
      • Phones
      • Laptop
      • Gadgets and Appliances
      • Apps
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
      • Broadband
    • Mobility
    • Environment
    • Travel
    • Commerce
    • StartUPs
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • Appointment
    • EventDIARY
    • Editorial
  • Apply
  • TecheconomyTV
  • Techeconomy Events
  • BusinesSENSE For SMEs
  • TBS
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
      • Accessories
      • Phones
      • Laptop
      • Gadgets and Appliances
      • Apps
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
      • Broadband
    • Mobility
    • Environment
    • Travel
    • Commerce
    • StartUPs
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • Appointment
    • EventDIARY
    • Editorial
  • Apply
  • TecheconomyTV
  • Techeconomy Events
  • BusinesSENSE For SMEs
  • TBS
No Result
View All Result
Tech | Business | Economy
No Result
View All Result
Podcast

Home » BlueNoroff threat actor drains cryptocurrency startups’ accounts 

BlueNoroff threat actor drains cryptocurrency startups’ accounts 

Yinka Okeowo by Yinka Okeowo
January 18, 2022
in Digital Assets
0

RelatedPosts

Decentralized Nigeria - Nova Phoenix and Web3

With the Right Frameworks Nigeria Can Be Web3 Leader in Africa, Beyond – Nova Phoenix

May 13, 2025

Trump’s $TRUMP Coin Dinner Causes Controversy Over Profits, Political Influence

May 12, 2025

Kaspersky experts have uncovered a series of attacks by advanced persistent threat (APT) actor BlueNoroff against small and medium-sized companies worldwide resulting in major cryptocurrency losses for the victims.

The campaign, dubbed SnatchCrypto, is aimed at various companies that, by the nature of their work, deal with cryptocurrencies and smart contracts, DeFi, Blockchain, and the FinTech industry.

In BlueNoroff’s most recent campaign, the attackers have been subtly abusing the trust of the employees working at targeted companies by sending them a full-featured Windows backdoor with surveillance functions under the guise of a “contract” or another business file.

In order to eventually empty the victim’s crypto wallet, the actor has developed extensive and dangerous resources: complex infrastructure, exploits, malware implants.

BlueNoroff is part of the larger Lazarus group and uses their diversified structure and sophisticated attack technologies.

The Lazarus APT group is known for attacks on banks and servers connected to SWIFT and has even engaged in the creation of fake companies for the development of cryptocurrency software. The deceived clients subsequently installed legitimate-looking apps and, after a while, received backdoored updates.

Now, this Lazarus’ “branch has switched to attacking cryptocurrency startups. As most of cryptocurrency businesses are small or medium-sized startups, they cannot invest lots of money into their internal security system. The actor understands this point and takes advantage of it by using elaborate social engineering schemes.

To gain the victim’s trust, BlueNoroff pretends to be an existing venture capital company. Kaspersky researchers uncovered over 15 venture businesses, whose brand name and employee names were abused during the SnatchCrypto campaign. Kaspersky experts also believe that real companies have nothing to do with this attack or the emails.

The startup crypto sphere was chosen by cybercriminals for a reason: startups often receive letters or files from unfamiliar sources. For example, a venture company may send them a contract or other business-related files. The APT-actor uses this as bait to make victims open the attachment in email – a macro-enabled document.

BlueNoroff threat actor drains cryptocurrency startups accounts 
United BANK
An attentive user may spot that something fishy is happening while MS Word shows a standard loading popup window.

If the document was to be opened offline, the file would not represent anything dangerous – most likely, it would look like a copy of some kind of contract or another harmless document. But if the computer is connected to the Internet at the time of opening the file, another macro-enabled document is fetched to the victim’s device, deploying malware.

United BANK

This APT group has various methods in their infection arsenal and assembles the infection chain depending on the situation. Besides weaponized Word documents, the actor also spreads malware disguised as zipped Windows shortcut files.

It sends the victim’s general information and Powershell agent, which then creates a full-featured backdoor. Using this, BlueNoroff deploys other malicious tools to monitor the victim: a keylogger and screenshot taker.

Then the attackers track victims for weeks and months: they collect keystrokes and monitor the daily operations of the user, while planning a strategy for financial theft.

Having found a prominent target that uses a popular browser extension to manage crypto wallets (for example, the Metamask extension), they replace the main component of the extension with a fake version.

According to the researchers, the attackers receive a notification upon discovering large transfers. When the compromised user attempts to transfer some funds to another account, they intercept the transaction process and inject their own logic.

To complete the initiated payment, the user then clicks the “approve” button. At this moment, cybercriminals are changing the recipient’s address and maximizing the transaction amount, essentially draining the account in one move.

BlueNoroff threat actor drains cryptocurrency startups accounts 
The group is currently active and attacks users regardless of which country they are from.

“As attackers continuously come up with a lot of new ways to trick and abuse, even small businesses should educate their employees on basic cybersecurity practices. It is especially essential if the company works with crypto wallets: there is nothing wrong with using cryptocurrency services and extensions,but note that it is also an attractive target for APT and cybercriminals alike. Therefore, this sector needs to be well protected,” comments Seongsu Park, senior security researcher at Kaspersky’s Global Research and Analysis Team (GReAT).

Loading

Author

  • Yinka Okeowo
    Yinka Okeowo

    View all posts
0Shares

Tags: blockchainBlueNoroffcryptocurrenciesDeFifintechsmart contracts
Previous Post

Nigerian shipping startup, Topship, accepted to Ycombinator 2022 batch

Next Post

NITDA keeping pace with PLWD through digital inclusion

Yinka Okeowo

Yinka Okeowo

Related Posts

Decentralized Nigeria - Nova Phoenix and Web3
Digital Assets

With the Right Frameworks Nigeria Can Be Web3 Leader in Africa, Beyond – Nova Phoenix

by Latifat Fashina
May 13, 2025
0

On July 5, 2025, at the prestigious Civic Centre in Lagos, Nigeria’s tech landscape will witness a defining moment as...

Read more
Trump’s $TRUMP Coin Dinner Causes Controversy Over Profits, Political Influence

Trump’s $TRUMP Coin Dinner Causes Controversy Over Profits, Political Influence

May 12, 2025
Tae Oh, founder of Spacecoin speaks to Techeconomy

Q&A with Tae Oh on How Spacecoin is Building Decentralised Internet and Financial Access in Nigeria

May 8, 2025
Trump Tariff and Taxes

Trump’s Tariff Rattling Markets: What are Options for Investors to Protect Portfolios

May 2, 2025
Rume And Nova for Decentralized Nigeria

Decentralized Nigeria: Why Africa Must Catch Up with the Web3 Revolution

May 1, 2025
Onafriq and Circle partnership

PARTNERSHIP: Onafriq and Circle to Power Remittances with USDC

April 30, 2025
Next Post

NITDA keeping pace with PLWD through digital inclusion

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Techeconomy Podcast

Techeconomy Podcast
Techeconomy Podcast

Infowave is brought to you by TechEconomy. Every week we will bring new stories from startups and influencers who are shaping and changing the world we live in. We’ll also bring you reports on topics you should know.

Follow us @techeconomyng for more.

CYBERSECURITY ESSENTIALS
byTecheconomy

BUILDING STRONGER NETWORKS AND COMMUNITIES

CYBERSECURITY ESSENTIALS
CYBERSECURITY ESSENTIALS
April 24, 2025
Techeconomy
Digital Marketing Trends and strategies for 2025 and beyond
February 27, 2025
Techeconomy
Major Lesson for Techies in 2024 and Projections for 2025
December 6, 2024
Techeconomy
Major Lessons for Techies in an AI-Driven World | Techeconomy Business Series Highlights
November 26, 2024
Techeconomy
Maximizing Profitability Through Seasonal Sales: Strategies For Success
November 8, 2024
Techeconomy
Techeconomy Business Series
October 15, 2024
Techeconomy
PRIVACY IN THE ERA OF AI: GETTING YOUR BUSINESS READY
May 30, 2024
Techeconomy
Unravel the Secrets of Marketing Everywhere All At Once with Isaac Akanni from Infobip | Infowave Podcast Episode 1
February 9, 2024
Techeconomy
The Role of Ed-tech in Life Long Learning and Continuous Education
October 19, 2023
Techeconomy
Filmmaking and Technology: A chat with Micheal Chineme Ike
June 7, 2023
Techeconomy
Search Results placeholder

WHAT IS TRENDING

https://www.youtube.com/watch?v=g_MCUwS2woc&list=PL6bbK-xx1KbIgX-IzYdqISXq1pUsuA4dz
uba

Follow Us

  • About Us
  • Contact Us
  • Careers
  • Privacy Policy

© 2025 Techeconomy - Designed by Opimedia.

No Result
View All Result
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
      • Accessories
      • Phones
      • Laptop
      • Gadgets and Appliances
      • Apps
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
      • Broadband
    • Mobility
    • Environment
    • Travel
    • Commerce
    • StartUPs
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • Appointment
    • EventDIARY
    • Editorial
  • Apply
  • TecheconomyTV
  • Techeconomy Events
  • BusinesSENSE For SMEs
  • TBS

© 2025 Techeconomy - Designed by Opimedia.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.