Major cryptocurrency losses for SMBs from BlueNoroff threat actor

By Shannon Williams
Thu 20 Jan 2022

Kaspersky experts have uncovered a series of attacks by advanced persistent threat (APT) actor BlueNoroff against small and medium-sized companies worldwide, resulting in major cryptocurrency losses for the victims.

The campaign, dubbed SnatchCrypto, targets companies that, by the nature of their work, deal with cryptocurrencies and smart contracts, DeFi, blockchain and the FinTech industry.

In BlueNoroff's most recent campaign, the attackers have been subtly abusing the trust of the employees working at targeted companies by sending them a full-featured Windows backdoor with surveillance functions under the guise of a contract or another business file. In order to eventually empty the victim's crypto wallet, the actor has developed extensive and dangerous resources: complex infrastructure, exploits, malware implants.

BlueNoroff is part of the larger Lazarus group and draws on that group's diversified structure and sophisticated attack tooling. Lazarus is known for attacks on banks and on servers connected to SWIFT, and has even set up fake companies that developed cryptocurrency software: the deceived clients installed legitimate-looking apps and, after a while, received backdoored updates.

Kaspersky says this Lazarus branch has now switched to attacking cryptocurrency startups. Because most cryptocurrency businesses are small or medium-sized startups, they cannot invest heavily in internal security. The actor understands this and takes advantage of it with elaborate social engineering schemes, Kaspersky says.

To gain the victims' trust, BlueNoroff poses as an existing venture capital firm. Kaspersky researchers identified more than 15 venture businesses whose brand names and employee names were abused during the SnatchCrypto campaign; the real companies have nothing to do with the attack or the emails. The crypto startup sphere was chosen for a reason: startups routinely receive letters and files from unfamiliar sources, such as a contract or other business documents from a venture firm. The actor uses this as bait to get victims to open the email attachment, a macro-enabled document.

An attentive user may notice that something is wrong at the point where MS Word shows a standard loading popup window.

Opened offline, the document is harmless: most likely it looks like a copy of a contract or some other routine business file. But if the computer is connected to the Internet when the file is opened, a second macro-enabled document is fetched to the victim's device, and that document deploys the malware.
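A practitioner triaging such an attachment wants to know, before opening it, whether it will reach out to the network and whether it carries macros. The check below is an added example written for this article, not Kaspersky's or BlueNoroff's code. It assumes the fetch is wired through an external package relationship such as a remote attached template, which is one common way a Word document pulls in a second file at open time; the article itself only says that a second macro-enabled document is fetched when the machine is online. The sample document is constructed in memory so the script runs offline.

```python
"""Check an Office Open XML file for relationships that make Word fetch a
remote document at open time, and for an embedded VBA project.

Added example for this article, not Kaspersky's tooling. Assumption: the
lure uses an external relationship (e.g. a remote attachedTemplate); the
sample .docx built below is constructed, not a real lure.
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
REMOTE_SCHEMES = {"http", "https", "ftp"}


def is_remote_target(target: str) -> bool:
    """True for URLs and UNC paths, i.e. targets that trigger a network fetch."""
    if target.startswith("\\\\") or target.startswith("//"):
        return True
    return urlparse(target).scheme.lower() in REMOTE_SCHEMES


def scan_ooxml(data: bytes) -> Dict[str, object]:
    """Return external relationships with remote targets and whether VBA is present."""
    remote: List[Tuple[str, str, str]] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # Macro-enabled documents store the VBA project as vbaProject.bin.
        has_vba = any(n.endswith("vbaProject.bin") for n in names)
        for name in names:
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                target = rel.get("Target", "")
                if rel.get("TargetMode") == "External" and is_remote_target(target):
                    rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                    remote.append((name, rel_type, target))
    return {"has_vba": has_vba, "remote_refs": remote}


def build_sample_docx(template_url: Optional[str] = None) -> bytes:
    """Build a minimal .docx in memory. With template_url set, word/settings.xml
    gets an attachedTemplate relationship pointing at that URL (constructed)."""
    rels_open = f'<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="{RELS_NS}">'
    settings_rels = rels_open
    settings_body = ""
    if template_url:
        settings_rels += (f'<Relationship Id="rId1" Type="{OFFICE_REL}attachedTemplate" '
                          f'Target="{template_url}" TargetMode="External"/>')
        settings_body = '<w:attachedTemplate r:id="rId1"/>'
    settings_rels += "</Relationships>"
    w_ns = ('xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
            f'xmlns:r="{OFFICE_REL[:-1]}"')
    parts = {
        "[Content_Types].xml": (
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/></Types>'),
        "_rels/.rels": (rels_open + f'<Relationship Id="rId1" Type="{OFFICE_REL}officeDocument" '
                        'Target="word/document.xml"/></Relationships>'),
        "word/_rels/document.xml.rels": (rels_open + f'<Relationship Id="rId1" Type="{OFFICE_REL}settings" '
                                         'Target="settings.xml"/></Relationships>'),
        "word/document.xml": f'<w:document {w_ns}><w:body><w:p/></w:body></w:document>',
        "word/settings.xml": f'<w:settings {w_ns}>{settings_body}</w:settings>',
        "word/_rels/settings.xml.rels": settings_rels,
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, xml in parts.items():
            zf.writestr(name, xml)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed host name; any remote scheme or UNC path is flagged the same way.
    for label, doc in (("clean", build_sample_docx()),
                       ("lure", build_sample_docx("http://vc-firm.invalid/contract.dotm"))):
        print(label, scan_ooxml(doc))
```

Point the scanner at a real attachment with `scan_ooxml(open(path, "rb").read())`. A remote reference is a strong reason to detonate the file in a sandbox with network capture rather than on a workstation; a clean result only rules out this one fetch mechanism, not every way a document can reach the network.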

This APT group has a range of methods in its infection arsenal and assembles the infection chain to suit the situation. Besides weaponised Word documents, the actor also spreads malware disguised as zipped Windows shortcut files. The shortcut exfiltrates general information about the victim and runs a PowerShell agent, which then creates a full-featured backdoor. Using this, BlueNoroff deploys further tools to monitor the victim: a keylogger and a screenshot taker.

According to Kaspersky, the attackers then track victims for weeks or months: they collect keystrokes and monitor the user's daily operations while planning the theft. Having found a prominent target that uses a popular browser extension to manage crypto wallets (for example, the MetaMask extension), they replace the main component of the extension with a tampered version.

The researchers say the attackers receive a notification when they spot large transfers. When the compromised user attempts to send funds to another account, the attackers intercept the transaction process and inject their own logic. To complete the payment, the user clicks the "approve" button; at that moment the tampered extension changes the recipient address and raises the amount to the maximum, draining the account in a single move.

The group is currently active and attacks users regardless of their country.

"As attackers continuously come up with a lot of new ways to trick and abuse, even small businesses should educate their employees on basic cybersecurity practices," says Seongsu Park, senior security researcher at Kaspersky's Global Research and Analysis Team (GReAT).

"It is especially essential if the company works with crypto wallets: there is nothing wrong with using cryptocurrency services and extensions, but note that it is also an attractive target for APT and cybercriminals alike. Therefore, this sector needs to be well protected."

To protect organisations, Kaspersky suggests the following:

  • Provide your staff with basic cybersecurity hygiene training, as many targeted attacks start with phishing or other social engineering techniques.
  • Carry out a cybersecurity audit of your networks and remediate any weaknesses discovered in the perimeter or inside the network.
  • A tampered extension is hard to spot by inspection unless you know the MetaMask codebase well, but the modification leaves a trace: to run modified code, the browser has to be switched to Developer Mode and the MetaMask extension loaded from a local directory instead of installed from the Chrome Web Store. For extensions that come from the store, Chrome validates the digital signature on the code and so protects its integrity. If in doubt, check your MetaMask extension's install source and your Chrome settings now.
  • Install anti-APT and EDR solutions that provide threat discovery and detection, investigation and timely incident remediation capabilities. Give your SOC team access to the latest threat intelligence and regularly upskill them with professional training. All of the above is available within the Kaspersky Expert Security framework.
  • Along with proper endpoint protection, dedicated services can help against high-profile attacks. The Kaspersky Managed Detection and Response service can help identify and stop attacks in their early stages, before the attackers achieve their goals.
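The MetaMask check above can be automated rather than done by eye in chrome://extensions. The script below is an added example for this article, not Kaspersky's tooling. It relies on the layout of Chrome's per-profile Preferences / Secure Preferences JSON (each installed extension has an entry under extensions.settings with from_webstore, location and path fields, and extensions.ui.developer_mode records Developer Mode), uses Chromium's location value 4 for an extension loaded via "Load unpacked", and assumes nkbihfbeogaeaoehlefnkodbefgpgknn is MetaMask's Web Store id. SAMPLE_PREFS is a constructed profile so the audit runs without a Chrome install.

```python
"""Audit a Chrome profile for a wallet extension loaded from a local directory
instead of the Chrome Web Store, plus whether Developer Mode is on.

Added example for this article, not Kaspersky's tooling. Assumptions: Chrome's
Preferences / Secure Preferences JSON layout described in the lead-in,
location == 4 meaning "Load unpacked", and METAMASK_ID being MetaMask's
store id. SAMPLE_PREFS is constructed.
"""
import json
import os
from pathlib import PurePosixPath, PureWindowsPath
from typing import Iterable

UNPACKED = 4  # Chromium Manifest::Location value for "Load unpacked" (assumed)
METAMASK_ID = "nkbihfbeogaeaoehlefnkodbefgpgknn"  # assumed Web Store id of MetaMask
PLACEHOLDER_ID = "a" * 32  # placeholder id for a benign store-installed extension


def audit_extensions(prefs: dict, watch_ids: Iterable[str] = (METAMASK_ID,)) -> dict:
    """Flag extensions that were not installed from the store; wallet ids get 'wallet': True."""
    ext = prefs.get("extensions", {})
    dev_mode = bool(ext.get("ui", {}).get("developer_mode", False))
    watched = set(watch_ids)
    flagged = []
    for ext_id, s in ext.get("settings", {}).items():
        manifest = s.get("manifest") if isinstance(s, dict) else None
        if not manifest:  # component / built-in entries carry no manifest; skip them
            continue
        path = str(s.get("path", ""))
        reasons = []
        if s.get("location") == UNPACKED:
            reasons.append("location=4: loaded unpacked via Developer Mode")
        if not s.get("from_webstore", False):
            reasons.append("from_webstore is false")
        # Store installs record a path relative to the profile's Extensions folder;
        # an absolute path means the code lives somewhere the attacker chose.
        if PureWindowsPath(path).is_absolute() or PurePosixPath(path).is_absolute():
            reasons.append(f"absolute install path {path!r}")
        if reasons:
            flagged.append({"id": ext_id, "name": manifest.get("name", "?"),
                            "version": manifest.get("version", "?"),
                            "wallet": ext_id in watched, "reasons": reasons})
    return {"developer_mode": dev_mode, "flagged": flagged}


def _deep_merge(dst: dict, src: dict) -> None:
    for k, v in src.items():
        if isinstance(v, dict) and isinstance(dst.get(k), dict):
            _deep_merge(dst[k], v)
        else:
            dst[k] = v


def load_chrome_prefs(profile_dir: str) -> dict:
    """Merge Preferences and Secure Preferences (Windows keeps extension settings in the latter)."""
    merged: dict = {}
    for fname in ("Preferences", "Secure Preferences"):
        p = os.path.join(profile_dir, fname)
        if os.path.exists(p):
            with open(p, encoding="utf-8") as fh:
                _deep_merge(merged, json.load(fh))
    return merged


SAMPLE_PREFS = {  # constructed; mimics a Windows profile with a sideloaded MetaMask
    "extensions": {
        "ui": {"developer_mode": True},
        "settings": {
            PLACEHOLDER_ID: {
                "from_webstore": True, "location": 1, "state": 1,
                "path": PLACEHOLDER_ID + "\\1.0.0_0",
                "manifest": {"name": "Store Extension (placeholder)", "version": "1.0.0"}},
            METAMASK_ID: {
                "from_webstore": False, "location": UNPACKED, "state": 1,
                "path": "C:\\Users\\finance\\AppData\\Local\\Temp\\metamask",
                "manifest": {"name": "MetaMask", "version": "10.8.1"}},
        },
    }
}

if __name__ == "__main__":
    default = os.path.join(os.environ.get("LOCALAPPDATA", ""),
                           "Google", "Chrome", "User Data", "Default")
    prefs = load_chrome_prefs(default) if os.path.isdir(default) else SAMPLE_PREFS
    print(json.dumps(audit_extensions(prefs), indent=2))
```

Run it on each profile directory under "User Data", not only "Default". Treat a hit as a reason to wipe the extension folder and reinstall from the store after verifying the seed phrase is safe, and treat a clean result as a quick check rather than proof: an attacker who could replace extension files on disk could in principle edit the preferences file as well, so confirm against what chrome://extensions shows and against the EDR's file-modification history.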