BlueNoroff hackers steal crypto using fake MetaMask extension (Security News, January 2022)

The North Korean threat actor group known as 'BlueNoroff' has been spotted targeting cryptocurrency startups with malicious documents and fake MetaMask browser extensions.
BlueNoroff uses these real discussions to name the malware-laced documents accordingly and to send them to the targeted employee at the right moment.
The malware steals stored data from Chrome, PuTTY, and WinSCP, and the fake MetaMask extension steals cryptocurrency from victims.
BlueNoroff steals user credentials that can be used for lateral movement and deeper network infiltration, while they also collect configuration files relevant to cryptocurrency software.
Kaspersky notes that tampering with the MetaMask Chrome extension requires a thorough analysis of 170,000 lines of code, indicative of the skills and determination of BlueNoroff.
Victims can only detect the extension is fake by switching the browser to Developer mode and seeing the extension source pointing to a local directory rather than the online store.
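One way for a defender to automate the check described above, as an added example that is not from the article or from Kaspersky: parse Chrome's `Preferences` / `Secure Preferences` JSON and flag extensions whose install source is a local directory (Developer mode "Load unpacked" or `--load-extension`) rather than the Web Store. The numeric location codes are taken from Chromium's `ManifestLocation` enum as I know it (1 = internal crx install, 4 = unpacked, 8 = command line) and should be verified against your Chrome build; the `from_webstore` and `path` keys are likewise assumptions about the preferences layout, and the sample preferences blob is constructed.

```python
import json
from pathlib import Path, PurePosixPath, PureWindowsPath

# Chromium ManifestLocation values (extensions/common/mojom/manifest.mojom),
# as I know them; treat as an assumption and verify against your Chrome build.
LOCATION_INTERNAL = 1      # crx installed into the profile, normally from the Web Store
LOCATION_UNPACKED = 4      # "Load unpacked" in Developer mode: runs from a local directory
LOCATION_COMMAND_LINE = 8  # --load-extension=<dir>
SIDELOADED = {LOCATION_UNPACKED, LOCATION_COMMAND_LINE}

def find_sideloaded_extensions(prefs: dict) -> list:
    """Return extensions whose source is a local directory rather than the Web Store."""
    findings = []
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        name = ext.get("manifest", {}).get("name", "<unknown>")
        path = ext.get("path", "")
        reasons = []
        if ext.get("location") in SIDELOADED:
            reasons.append(f"location={ext['location']} (unpacked/command-line)")
        # Web Store installs sit under a relative "<id>/<version>_0" directory;
        # an unpacked extension keeps the absolute path it was loaded from.
        if PureWindowsPath(path).is_absolute() or PurePosixPath(path).is_absolute():
            reasons.append(f"absolute path {path}")
        if not ext.get("from_webstore", False):
            reasons.append("from_webstore is false")
        if reasons:
            findings.append({"id": ext_id, "name": name, "reasons": reasons})
    return findings

def load_prefs(profile_dir: str) -> dict:
    """Read the profile's Secure Preferences (Windows) or Preferences file."""
    for fname in ("Secure Preferences", "Preferences"):
        p = Path(profile_dir) / fname
        if p.exists():
            return json.loads(p.read_text(encoding="utf-8"))
    raise FileNotFoundError(f"no preferences file under {profile_dir}")

# Constructed sample: one genuine Web Store install and one extension loaded from a
# local directory under a MetaMask-like name (IDs, versions and paths are made up).
SAMPLE_PREFS = {"extensions": {"settings": {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
        "location": 1, "from_webstore": True,
        "path": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/10.8.1_0",
        "manifest": {"name": "MetaMask", "version": "10.8.1"}},
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
        "location": 4, "from_webstore": False,
        "path": "C:\\Users\\alice\\AppData\\Local\\Temp\\metamask",
        "manifest": {"name": "MetaMask", "version": "10.8.1"}}}}}

if __name__ == "__main__":
    for f in find_sideloaded_extensions(SAMPLE_PREFS):
        print(f"{f['name']} ({f['id']}): " + "; ".join(f["reasons"]))
```

Point `load_prefs` at a real profile directory (for example `%LOCALAPPDATA%\Google\Chrome\User Data\Default`) to run the same check against a live machine; two extensions with the same name where one is flagged is exactly the pattern the article describes.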