BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence
Executive Summary
- SentinelLabs has observed a suspected DPRK threat actor targeting cryptocurrency-related businesses with novel multi-stage malware.
- We assess with high confidence that the same actor is responsible for earlier attacks attributed to BlueNoroff and the RustDoor/ThiefBucket and RustBucket campaigns.
- SentinelLabs observed the use of a novel persistence mechanism abusing the Zsh configuration file zshenv.
- The campaign, which we dubbed ‘Hidden Risk’, uses emails propagating fake news about cryptocurrency trends to infect targets via a malicious application disguised as a PDF file.
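The zshenv persistence noted above is worth a concrete check, because zshenv is sourced on every zsh invocation, interactive or not, so anything appended there runs whenever the user, an app, or a cron job spawns a shell. The script below is an added example for practitioners, not code from the SentinelLabs report: it enumerates the system and per-user Zsh startup files (honouring ZDOTDIR) and flags lines that match a small set of generic persistence heuristics (backgrounded commands, network fetches, temp or hidden paths, eval/base64/osascript). The patterns are this example's own assumptions, not indicators from the report, and they will produce false positives on legitimate dotfiles, so treat hits as leads to read, not verdicts.

```shell
#!/bin/sh
# Added example: audit Zsh startup files for persistence-style edits.
# Heuristics here are assumptions for illustration, not report IOCs.

# Print the startup files zsh sources for a user, in source order.
# ZDOTDIR, when set, relocates the per-user files away from $HOME.
zsh_startup_files() {
  home="${1:-$HOME}"
  zdot="${ZDOTDIR:-$home}"
  printf '%s\n' \
    /etc/zshenv   "$zdot/.zshenv" \
    /etc/zprofile "$zdot/.zprofile" \
    /etc/zshrc    "$zdot/.zshrc" \
    /etc/zlogin   "$zdot/.zlogin"
}

# Print numbered lines of FILE that look like persistence. Comment lines
# are ignored. Exit status 0 = something flagged, 1 = clean or absent.
audit_zsh_file() {
  f="$1"
  [ -f "$f" ] || return 1
  grep -nE '(&[[:space:]]*$|nohup |curl |wget |/tmp/|/var/tmp/|/\.[A-Za-z0-9_-]+/|base64 |eval |osascript)' "$f" \
    | grep -vE '^[0-9]+:[[:space:]]*#'
}

# Walk every startup file for a user (default: current user) and report.
# Exit status 0 if any file was flagged, 1 if all were clean.
audit_zsh_startup() {
  flagged=1
  zsh_startup_files "$1" | while IFS= read -r f; do
    [ -f "$f" ] || continue
    if audit_zsh_file "$f" >/dev/null; then
      echo "== $f (suspicious lines):"
      ls -l "$f"                # owner and mtime help date the change
      audit_zsh_file "$f"
      echo "flagged" >&3
    fi
  done 3>&1 | grep -q flagged && flagged=0
  return $flagged
}

# Stand-alone use: audit the current user and exit non-zero on a hit.
[ "${0##*/}" = "audit_zshenv.sh" ] && audit_zsh_startup
```

Run it as the user whose shell is in question, and on a fleet compare the output of `zsh_startup_files` against a known-good baseline of file hashes; a zshenv that was empty or absent yesterday and now launches a binary from a hidden directory is the signal you want.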
Overview
Cryptocurrency-related businesses have been targets of North Korean-affiliated threat actors for some time now, with multiple…