The Microsoft (MSFT) Security Intelligence team has discovered that hacker DEV-0139 has been using Telegram group chats to target wealthy cryptocurrency funds.
Investment funds and rich traders find it very difficult to deal with cryptocurrencies due to exchange fees. They must be improved to lessen the impact on margins and profits as they are identified as a cost. The majority of costs are a result of fees that cryptocurrency exchanges impose on transactions.
Read also: Cybercrime Ravages Cryptocurrencies
Hackers target Telegram conversations
Hackers seek to exploit this issue to steal crypto-target money. DEV-0139 joined several Telegram channels with prominent investors and exchanges for communication. They targeted these group members. The Microsoft research assessed OKX, Huobi, and Binance exchanges.
DEV-0139, portraying themselves as exchange workers, invited the targets to a totally different chat group and pretended to solicit comments on the transaction fee models adopted by various cryptocurrency exchanges. They then began a debate to develop mutual solidarity and use their extensive industry expertise and swift zeal to entice victims progressively.
DEV-0139 then emailed a weaponized Excel file with legitimate bitcoin exchange fee information to boost their credibility.
The Excel file used a malicious program to retrieve data and drop another Excel sheet. In invisible mode, this sheet downloaded a picture file with three executables: a legitimate Windows file, a malicious DLL file, and an XOR-encoded back door.
DLLs contain code and data that multiple programs can use. XOR encryption, on the other hand, is hard to brute-force. Using the back door, the hacker accessed the infected system remotely. DEV-0139 may have run other campaigns using similar methods, according to Microsoft.
Microsoft stated:
“To find the targets, the threat actor looked on Telegram for people who were in cryptocurrency investment groups. In this attack, DEV-0139 got in touch with their target on October 19, 2022, by creating a second Telegram group called NameOfTheTargetedCompany> > OKX Fee Adjustment and inviting three employees.
“The threat actor used information from employees of the company OKX to make fake profiles. The report says, “The screenshot below shows the real accounts and malicious accounts for two of the users in the group.”
The Explosive Growth of Blockchain Funding and Cryptocurrency in Africa
Crypto Investors Need Caution
Investors in cryptocurrencies should take note of this strong warning as attackers are prowling the market in search of opportunities. The market has suffered greatly as a result of several catastrophic and unheard-of occurrences. The sector’s many turns have left traders bewildered and apprehensive.
The information that these attackers used Telegram conversations is a strong indicator and cautionary note for cryptocurrency traders who are careless and oblivious to suspicious activity. Investors in cryptocurrencies need to be vigilant and always prepared to scrutinize any offer or move in order to avoid incurring needless losses.