North Korea allegedly targeting crypto businesses with Mac-focused malware

Threat actors: BlueNoroff, a subgroup of Lazarus, attributed to North Korea's Reconnaissance General Bureau (RGB).

Campaign: "Hidden Risk", a campaign targeting cryptocurrency firms with phishing emails and macOS malware.

Victims: Crypto-related businesses, particularly those running macOS.

Methodology: Phishing emails carry links to malicious Mac applications disguised as PDF documents. The email lures impersonate crypto influencers and reference fake crypto news or reports.

Products targeted: macOS systems at cryptocurrency-related businesses.

Malware: A malicious Mac application named "Hidden Risk Behind New Surge of Bitcoin Price.app", which deploys backdoor malware similar to earlier BlueNoroff tools.

Tools used: Malicious websites mimicking legitimate Web3, crypto and fintech domains; email marketing tools (e.g., Brevo); hijacked Apple Developer IDs.

Weakness abused: Not a software vulnerability. The attackers abused Apple's "identified developer" signing and notarization process, using hijacked Apple Developer IDs, so the malicious app passes the macOS checks that would otherwise block it.

TTPs: Phishing, social engineering, delivery of malware as signed applications, domain mimicry, and use of decoy PDFs.

Attribution: Linked to the BlueNoroff subgroup of Lazarus, supported by SentinelOne's technical analysis and earlier U.S. Treasury and U.N. reports.

Recommendations:
– Be cautious of unsolicited emails with links or attachments.
– Verify the sender's identity, especially for crypto-related communications.
– Use robust anti-phishing tools and keep macOS security features (Gatekeeper, notarization checks) enabled.
– Regularly audit developer accounts and revoke those that are no longer needed, since a valid Developer ID signature on its own does not prove an app is benign.
– Avoid downloading unverified apps, especially from unknown sources.
– Train employees to recognise phishing and social engineering attempts, including application bundles presented as documents.

Source: The Record
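The delivery pattern above (an application bundle styled like a PDF or report, fetched from a link in an email, and carrying a valid but hijacked Developer ID signature) can be turned into a simple download triage. The script below is an added example written for this summary; it is not code from The Record, SentinelOne or BlueNoroff. It assumes the `com.apple.quarantine` attribute value has the form `<hex flags>;<hex unix time>;<agent>;<uuid>`, and the sample paths, quarantine strings and Team IDs are constructed for illustration.

```python
"""Triage a macOS download against the "app disguised as a document" lure.

Added example, not code from the article or the vendors it cites.
Assumptions (not from the article): the com.apple.quarantine value is
"<hex flags>;<hex unix time>;<agent>;<uuid>", and all sample data is constructed.
"""
import os
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional

# Suffixes macOS will execute or mount when double-clicked.
EXECUTABLE_SUFFIXES = {".app", ".pkg", ".dmg", ".command"}
# Document suffixes seen in "double extension" lures such as report.pdf.app.
DOCUMENT_SUFFIXES = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt"}
# Title words that read like a report rather than a program (constructed list).
DOCUMENT_WORDS = {"report", "pdf", "whitepaper", "analysis", "price", "surge", "research", "news"}
# Agents that set quarantine on downloads; a browser agent fits a link-in-email delivery.
BROWSER_AGENTS = {"safari", "chrome", "google chrome", "firefox", "brave"}


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)
    suspicious: bool = False
    quarantine_agent: Optional[str] = None
    downloaded_at: Optional[datetime] = None


def split_name(path: str):
    """Return (display name without executable suffix, executable suffix or '')."""
    name = os.path.basename(path.rstrip("/"))
    stem, ext = os.path.splitext(name)
    if ext.lower() in EXECUTABLE_SUFFIXES:
        return stem, ext.lower()
    return name, ""


def looks_like_document_lure(path: str) -> List[str]:
    """Reasons an executable bundle's name mimics a document; empty list if none."""
    stem, ext = split_name(path)
    if not ext:                       # a real document is not an executable lure
        return []
    reasons = []
    inner_ext = os.path.splitext(stem)[1].lower()
    if inner_ext in DOCUMENT_SUFFIXES:
        reasons.append(f"double extension {inner_ext}{ext}")
    words = {w.strip(".,-_()").lower() for w in stem.split()}
    hits = sorted(words & DOCUMENT_WORDS)
    # Real apps have short names; a sentence-like title or report vocabulary is a tell.
    if hits or len(words) >= 5:
        reasons.append("document-style title: " + ", ".join(hits))
    return reasons


def parse_quarantine(value: str):
    """Parse a com.apple.quarantine value into (flags, utc timestamp, agent)."""
    parts = value.split(";")
    if len(parts) < 3:
        raise ValueError("unexpected quarantine format: " + value)
    flags = int(parts[0], 16)
    ts = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    return flags, ts, parts[2]


def triage(path: str, quarantine: Optional[str] = None,
           team_id: Optional[str] = None, allowed_team_ids=frozenset()) -> Finding:
    """Combine the name check with download provenance and signer identity."""
    f = Finding(path=path, reasons=looks_like_document_lure(path))
    if quarantine:
        _flags, ts, agent = parse_quarantine(quarantine)
        f.quarantine_agent, f.downloaded_at = agent, ts
        if f.reasons and agent.lower() in BROWSER_AGENTS:
            f.reasons.append(f"fetched by {agent}: consistent with a link-in-email delivery")
    # A valid Developer ID signature is not exculpatory: the campaign used hijacked
    # developer accounts, so only an allowlist of your own expected Team IDs counts.
    if f.reasons and team_id and team_id not in allowed_team_ids:
        f.reasons.append(f"signed by Team ID {team_id}, not on the allowlist")
    f.suspicious = bool(f.reasons)
    return f


# Constructed samples; the first file name is the one reported in the article.
SAMPLES = [
    ("~/Downloads/Hidden Risk Behind New Surge of Bitcoin Price.app",
     "0083;672ca1d0;Safari;00000000-0000-0000-0000-000000000001", "ABCDE12345"),
    ("~/Downloads/Q3 Treasury Report.pdf.app",
     "0083;672ca1d0;Chrome;00000000-0000-0000-0000-000000000002", None),
    ("~/Downloads/Q3 Treasury Report.pdf",
     "0083;672ca1d0;Mail;00000000-0000-0000-0000-000000000003", None),
    ("/Applications/Ledger Live.app", None, "ABCDE12345"),
]

if __name__ == "__main__":
    for path, q, team in SAMPLES:
        f = triage(path, q, team, allowed_team_ids={"MYORG12345"})
        print(("SUSPICIOUS " if f.suspicious else "ok         ") + path)
        for r in f.reasons:
            print("    - " + r)
```

On a real host the inputs come from `xattr -p com.apple.quarantine <bundle>` and from the Team ID reported by `codesign -dv --verbose=4`; the point of the allowlist parameter is that "signed and notarized" must not clear a lure when the developer account itself may be hijacked.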

Disclaimer: The above summary has been generated by an AI language model.

Source: The Record from Recorded Future News

Published on: November 7, 2024
