NaiveCopy: A Recent Active Cyber Threat Targeting Crypto Users

NaiveCopy: A Recent Active Cyber Threat Targeting Crypto Users
Share this:

In the second quarter of 2022, Kaspersky researchers witnessed Advanced Persistent Threat (APT) actors increasingly targeting the cryptocurrency space, enabling unauthorised transactions.

Using cryptocurrency-related content and warnings from law enforcements as bait, the actor behind this new and highly active campaign, dubbed “NaiveCopy”, attacked stock and cryptocurrency investors in South Korea.

Recent analysis of NaiveCopy’s tactics and techniques revealed another related campaign active the year before which targeted unknown entities in both Mexico and the UK. This, along with other discoveries, is revealed in Kaspersky’s latest quarterly threat intelligence summary.

Read Also: Solana Wallet Exploit On-going, Users Advised to Move Funds to FTX.

How it Works: 

The infection chains involves remote template injection, spawning a malicious macro which starts a multi-stage infection procedure using Dropbox.

After beaconing the victim’s host information, the malware then attempts to fetch the final stage payload.

Luckily, Kaspersky was able to acquire the final stage payload, consisting of several modules used for exfiltrating sensitive information from the victim.

By analysing this payload, Kaspersky researchers found additional samples that had been used a year ago during another campaign against entities in Mexico and UK. 

Kaspersky experts do not see any precise connections to known threat actors, however they believe that they are familiar with the Korean language and have utilised a similar tactic previously used by the Konni group to steal the login credentials for a renowned Korean portal. The Konni group is a threat actor which has been active since mid-2021, mostly targeting Russian diplomatic entities.

Recently, APT actors have now turned their attention to the cryptocurrency industry by enabling click bait malware that can authenticate and allow unauthorised transactions from user wallet.

“This is an unusual, but increasing, tendency for the APT landscape. In order to combat the threats, organisations need to gain visibility across the recent cyberthreat landscape. Threat intelligence is an essential component that enables reliable and timely anticipation of such attacks,” comments David Emm, principal security researcher at Kapersky.


Discover more from DiutoCoinNews

Subscribe to get the latest posts sent to your email.

Leave a Comment

Comments

No comments yet. Why don’t you start the discussion?

    Leave a Reply

    Your email address will not be published. Required fields are marked *