The security division of tech giant Microsoft has investigated an attack where a malicious actor was targeting various cryptocurrency investment companies.
The threat actor, who has been tracked as DEV-013, was able to infiltrate chat groups on the popular messaging app Telegram to masquerade as representatives of a crypto investment company. They were pretending to discuss trading fees with VIP clients of major exchanges.
The hacker had in-depth knowledge of the matter, which made it easier for them to gain their victim’s trust.
Their goal was to trick crypto investment funds into downloading an Excel file. While the document provides accurate information regarding the fee structure of major cryptocurrency exchanges, it also contains a malicious macro that executes another Excel sheet in invisible mode. This makes it possible for the bad actor to gain remote access to the victim’s infected system.
Microsoft’s findings also suggest that there could be other campaigns that rely on the same techniques to target crypto companies.
The tech giant concludes that the cryptocurrency industry is “a field of interest” for cybercriminals. They can target both big and small companies. Microsoft recommends taking additional precautionary measures in order to prevent such attacks.
As reported by U.Today, a cryptocurrency mining malware campaign that infected more than 111,000 users was discovered by cybersecurity provider Check Point Software Technologies this August.
Last April, Microsoft and chip giant Intel announced a collaboration aimed at fighting malicious crypto mining.
Dan Burgin
Vladislav Sopov
