
Major cryptocurrency losses for SMBs from BlueNoroff threat actor

By Shannon Williams
Thu 20 Jan 2022

Kaspersky experts have uncovered a series of attacks by advanced persistent threat (APT) actor BlueNoroff against small and medium-sized companies worldwide, resulting in major cryptocurrency losses for the victims.

The campaign, dubbed SnatchCrypto, is aimed at various companies that, by the nature of their work, deal with cryptocurrencies and smart contracts, DeFi, Blockchain, and the FinTech industry.

In BlueNoroff's most recent campaign, the attackers have been subtly abusing the trust of the employees working at targeted companies by sending them a full-featured Windows backdoor with surveillance functions under the guise of a contract or another business file. In order to eventually empty the victim's crypto wallet, the actor has developed extensive and dangerous resources: complex infrastructure, exploits, malware implants.

BlueNoroff is part of the larger Lazarus group and uses their diversified structure and sophisticated attack technologies. The Lazarus APT group is known for attacks on banks and servers connected to SWIFT, and has even engaged in the creation of fake companies for the development of cryptocurrency software. The deceived clients subsequently installed legitimate-looking apps and, after a while, received backdoored updates.

Kaspersky says this Lazarus branch has now switched to attacking cryptocurrency startups. As most cryptocurrency businesses are small or medium-sized startups, they cannot invest heavily in their internal security. The actor understands this and takes advantage of it with elaborate social engineering schemes, Kaspersky says.

To gain the victims' trust, BlueNoroff pretends to be an existing venture capital company. Kaspersky researchers uncovered over 15 venture businesses whose brand names and employee names were abused during the SnatchCrypto campaign. Kaspersky experts also believe that the real companies have nothing to do with this attack or the emails. The start-up crypto sphere was chosen by the cybercriminals for a reason: startups often receive letters or files from unfamiliar sources. For example, a venture company may send them a contract or other business-related files. The APT actor uses this as bait to make victims open the email attachment, a macro-enabled document.

An attentive user may spot that something fishy is happening while MS Word shows a standard loading popup window.

If the document were opened offline, the file would not be dangerous in itself: most likely it would look like a copy of some kind of contract or another harmless document. But if the computer is connected to the Internet when the file is opened, another macro-enabled document is fetched to the victim's device, deploying malware.
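The article does not name the mechanism by which the first document pulls down the second one when the machine is online. One common way an Office document does this is through a relationship whose target is an external URL, for example an attached template reference in word/_rels/settings.xml.rels. The following added example (not Kaspersky's code, and not derived from the campaign's samples) builds a constructed, macro-free .docx skeleton in memory and scans the package for relationships that point at http(s) URLs, rating attached-template and OLE-object references as high risk because Word resolves those at open time, while hyperlinks are only followed on click. The relationship type names and namespaces are the standard OOXML ones; the sample URL is a placeholder.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import Dict, List

# Standard OOXML namespaces used in .docx packages.
PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
WORD_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"

# Relationship types that make Word fetch remote content as soon as the
# document opens. Hyperlinks are external too, but only resolve on click.
HIGH_RISK_TYPES = {"attachedTemplate", "oleObject"}


def build_sample_docx(template_target: str, external: bool) -> bytes:
    """Constructed test data: a minimal .docx whose settings reference a template.

    The body is empty and there is no VBA project; only the relationship
    target differs between the 'local template' and 'remote template' cases.
    """
    target_mode = ' TargetMode="External"' if external else ""
    rels = (
        f'<Relationships xmlns="{PKG_REL_NS}">'
        f'<Relationship Id="rId1" Type="{OFFICE_REL}/attachedTemplate" '
        f'Target="{template_target}"{target_mode}/>'
        "</Relationships>"
    )
    settings = (
        f'<w:settings xmlns:w="{WORD_NS}" xmlns:r="{OFFICE_REL}">'
        '<w:attachedTemplate r:id="rId1"/></w:settings>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", f'<Types xmlns="{CT_NS}"/>')
        z.writestr("word/document.xml",
                   f'<w:document xmlns:w="{WORD_NS}"><w:body/></w:document>')
        z.writestr("word/settings.xml", settings)
        z.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


def find_external_targets(docx_bytes: bytes) -> List[Dict[str, str]]:
    """Return every package relationship whose target is an http(s) URL."""
    findings: List[Dict[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for part in z.namelist():
            if not part.endswith(".rels"):
                continue  # relationships live only in *.rels parts
            root = ET.fromstring(z.read(part))
            for rel in root.iter(f"{{{PKG_REL_NS}}}Relationship"):
                target = rel.get("Target", "")
                if rel.get("TargetMode") != "External":
                    continue  # internal parts are packaged inside the zip
                if not target.lower().startswith(("http://", "https://")):
                    continue  # file:// or relative externals handled elsewhere
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                findings.append({
                    "part": part,
                    "type": rel_type,
                    "target": target,
                    "risk": "high" if rel_type in HIGH_RISK_TYPES else "low",
                })
    return findings


if __name__ == "__main__":
    # Placeholder URL; the real campaign's hosts are not part of this example.
    remote = build_sample_docx("http://example.invalid/contract.dotm", external=True)
    local = build_sample_docx("Normal.dotm", external=False)
    print("remote template:", find_external_targets(remote))
    print("local template: ", find_external_targets(local))
```

Running this over a mail gateway's attachment quarantine or an endpoint's Downloads folder gives a cheap triage signal: a "contract" that carries a high-risk external relationship should be opened only in an isolated, offline environment, which is exactly the condition under which the article says the document stays inert.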

This APT group has various methods in its infection arsenal and assembles the infection chain depending on the situation. Besides weaponised Word documents, the actor also spreads malware disguised as zipped Windows shortcut files. The shortcut sends back general information about the victim and deploys a PowerShell agent, which then creates a full-featured backdoor. Using this, BlueNoroff deploys other malicious tools to monitor the victim: a keylogger and a screenshot taker.

According to Kaspersky, the attackers then track victims for weeks and months: they collect keystrokes and monitor the daily operations of the user, while planning a strategy for financial theft. Having found a prominent target that uses a popular browser extension to manage crypto wallets (for example, the Metamask extension), they replace the main component of the extension with a fake version.

The researchers say the attackers receive a notification upon discovering large transfers. When the compromised user attempts to transfer funds to another account, they intercept the transaction process and inject their own logic. To complete the initiated payment, the user then clicks the "approve" button. At this moment, the cybercriminals change the recipient address and maximise the transaction amount, essentially draining the account in one move.

The group is currently active and attacks users regardless of which country they are from.

"As attackers continuously come up with a lot of new ways to trick and abuse, even small businesses should educate their employees on basic cybersecurity practices," says Seongsu Park, senior security researcher at Kaspersky's Global Research and Analysis Team (GReAT).

"It is especially essential if the company works with crypto wallets: there is nothing wrong with using cryptocurrency services and extensions, but note that it is also an attractive target for APT and cybercriminals alike. Therefore, this sector needs to be well protected."

For organisations' protection, Kaspersky suggests the following:

  • Provide your staff with basic cybersecurity hygiene training, as many targeted attacks start with phishing or other social engineering techniques.
  • Carry out a cybersecurity audit of your networks and remediate any weaknesses discovered in the perimeter or inside the network.
  • The injection into the extension is hard to find manually unless you are very familiar with the Metamask codebase. However, a modification of the Chrome extension leaves a trace: the browser has to be switched to Developer Mode, and the Metamask extension is then installed from a local directory instead of the online store. If the plugin comes from the store, Chrome enforces digital signature validation for the code and guarantees code integrity. So, if you are in doubt, check your Metamask extension and Chrome settings right now.
  • Install anti-APT and EDR solutions that enable threat discovery and detection, investigation and timely remediation of incidents. Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training. All of the above is available within the Kaspersky Expert Security framework.
  • Along with proper endpoint protection, dedicated services can help against high-profile attacks. The Kaspersky Managed Detection and Response service can help identify and stop attacks in their early stages, before the attackers achieve their goals.
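The third recommendation above describes the trace a tampered extension leaves: Developer Mode switched on and the extension loaded from a local directory rather than the store. That check can be automated for a fleet instead of relying on each user opening chrome://extensions. The following added example is not Kaspersky's code and not part of the article; it assumes the layout of Chrome's profile JSON ("Preferences" or, on Windows, "Secure Preferences"): per-extension state under extensions.settings keyed by extension id, the Developer Mode toggle under extensions.ui.developer_mode, a store install flagged by from_webstore, and an unpacked load carrying location 4 together with a local "path". The extension ids, names and paths in the sample are constructed, and the default profile path is an assumption to adjust per deployment.

```python
import json
import os
from collections import Counter
from typing import Any, Dict, List

# Assumed meaning of Chrome's "location" field: 4 = loaded unpacked from a
# local directory, which is only possible with Developer Mode switched on.
LOCATION_UNPACKED = 4

# Assumed default path of the per-profile settings file on Windows.
DEFAULT_PREFS_PATH = os.path.join(
    os.environ.get("LOCALAPPDATA", ""), "Google", "Chrome", "User Data",
    "Default", "Secure Preferences",
)

# Constructed sample: a store-installed wallet extension next to a copy with
# the same display name side-loaded from a temp directory. Ids are made up.
SAMPLE_PREFS = json.dumps({
    "extensions": {
        "ui": {"developer_mode": True},
        "settings": {
            "aaaabbbbccccddddeeeeffffgggghhhh": {
                "location": 1,
                "from_webstore": True,
                "manifest": {"name": "Wallet Extension", "version": "10.8.1"},
            },
            "iiiijjjjkkkkllllmmmmnnnnoooopppp": {
                "location": LOCATION_UNPACKED,
                "from_webstore": False,
                "path": "C:\\Users\\alice\\AppData\\Local\\Temp\\wallet_ext",
                "manifest": {"name": "Wallet Extension", "version": "10.8.1"},
            },
        },
    }
})


def audit_extensions(prefs_json: str) -> Dict[str, Any]:
    """Report Developer Mode, unpacked extensions and duplicated display names."""
    prefs = json.loads(prefs_json)
    ext = prefs.get("extensions", {})
    developer_mode = bool(ext.get("ui", {}).get("developer_mode", False))

    unpacked: List[Dict[str, Any]] = []
    names: Counter = Counter()
    for ext_id, state in ext.get("settings", {}).items():
        manifest = state.get("manifest", {})
        name = manifest.get("name", "<unknown>")
        names[name] += 1
        if state.get("location") == LOCATION_UNPACKED:
            unpacked.append({
                "id": ext_id,
                "name": name,
                "version": manifest.get("version", "<unknown>"),
                "from_webstore": bool(state.get("from_webstore", False)),
                # Only unpacked loads carry a filesystem path; a wallet
                # extension living under Temp or Downloads is a red flag.
                "path": state.get("path"),
            })

    # Two extensions sharing one display name suggests a side-loaded copy
    # masquerading as the store-installed original.
    duplicate_names = sorted(n for n, count in names.items() if count > 1)
    return {
        "developer_mode": developer_mode,
        "unpacked": unpacked,
        "duplicate_names": duplicate_names,
    }


def audit_profile(path: str = DEFAULT_PREFS_PATH) -> Dict[str, Any]:
    """Audit a real profile file; Chrome writes it as UTF-8 JSON."""
    with open(path, encoding="utf-8") as fh:
        return audit_extensions(fh.read())


if __name__ == "__main__":
    print(json.dumps(audit_extensions(SAMPLE_PREFS), indent=2))
```

Any hit in "unpacked" for a wallet extension, or Developer Mode enabled on a workstation where nobody develops extensions, is worth an incident ticket rather than a silent clean-up: the article describes the swap as the last stage of weeks of keylogging, so the host and its credentials should be treated as compromised.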