
BlueNoroff hackers steal crypto using fake MetaMask extension
2022-01-13 20:14

The North Korean threat actor group known as 'BlueNoroff' has been spotted targeting cryptocurrency startups with malicious documents and fake MetaMask browser extensions.

BlueNoroff uses these real discussions to name its malware-laced documents accordingly and sends them to the targeted employee at the right moment.

The malware steals stored data from Chrome, PuTTY, and WinSCP, while the fake MetaMask extension steals cryptocurrency from victims.

BlueNoroff steals user credentials that can be used for lateral movement and deeper network infiltration, while they also collect configuration files relevant to cryptocurrency software.

Kaspersky notes that tampering with the MetaMask Chrome extension requires a thorough analysis of roughly 170,000 lines of code, which is indicative of BlueNoroff's skills and determination.

Victims can only tell that the extension is fake by switching the browser to Developer mode and noticing that the extension's source points to a local directory rather than to the online store.
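The same tell (an extension loaded from a local directory instead of the Chrome Web Store) can be checked without opening the browser, by reading the per-extension records Chrome keeps in its profile's "Preferences" / "Secure Preferences" JSON. The script below is an added defender-side example, not code from the article or from Kaspersky; the sample profile data is constructed, the extension IDs are made up, and the numeric location codes (1 = INTERNAL, 4 = UNPACKED, 5 = COMPONENT) are my reading of Chromium's Manifest::Location enum, which should be verified against the Chromium version in use.

```python
"""Flag Chrome extensions whose install record does not point at the Web Store.

Added example (not from the original article). Chrome stores one entry per
extension under extensions.settings.<id> in the profile's "Preferences" (or
"Secure Preferences") file. An extension sideloaded via "Load unpacked" is
recorded with an absolute local path, the UNPACKED location code, and
from_webstore == false, which is exactly what the Developer-mode view shows.
"""
import json
import os
from pathlib import PurePosixPath, PureWindowsPath

# Chromium Manifest::Location values used here (assumption: verify for your build).
LOCATION_INTERNAL = 1    # packed .crx installed into the profile, normally from the store
LOCATION_UNPACKED = 4    # "Load unpacked" from a local directory (Developer mode)
LOCATION_COMPONENT = 5   # built into the browser; never from the store, so not flagged

# Constructed sample of the relevant slice of a Chrome "Preferences" file.
# Both extension IDs are made up; the second entry mimics a sideloaded copy.
SAMPLE_PREFERENCES = {
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
                "from_webstore": True,
                "location": LOCATION_INTERNAL,
                "path": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\10.8.1_0",
                "manifest": {"name": "MetaMask", "version": "10.8.1"},
            },
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
                "from_webstore": False,
                "location": LOCATION_UNPACKED,
                "path": "C:\\Users\\EXAMPLE_USER\\AppData\\Local\\Temp\\metamask",
                "manifest": {"name": "MetaMask", "version": "10.8.1"},
            },
            "cccccccccccccccccccccccccccccccc": {
                "location": LOCATION_COMPONENT,
                "path": "builtin",
                "manifest": {"name": "Built-in helper", "version": "1.0"},
            },
        }
    }
}


def _is_absolute(path: str) -> bool:
    """Absolute under either Windows or POSIX rules, whatever host runs the check."""
    return PureWindowsPath(path).is_absolute() or PurePosixPath(path).is_absolute()


def find_sideloaded_extensions(prefs: dict) -> list:
    """Return a list of {id, name, version, reasons} for suspicious extension records."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in settings.items():
        if entry.get("location") == LOCATION_COMPONENT:
            continue  # browser-bundled, not user-installed
        reasons = []
        if entry.get("location") == LOCATION_UNPACKED:
            reasons.append("loaded unpacked from a local directory")
        if not entry.get("from_webstore", False):
            reasons.append("from_webstore flag is not set")
        path = entry.get("path", "")
        if _is_absolute(path):
            reasons.append(f"absolute path outside the profile: {path}")
        if reasons:
            manifest = entry.get("manifest", {})
            findings.append({
                "id": ext_id,
                "name": manifest.get("name", "?"),
                "version": manifest.get("version", "?"),
                "reasons": reasons,
            })
    return findings


def load_preferences(profile_dir: str) -> dict:
    """Read the profile's Preferences file (e.g. %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default)."""
    with open(os.path.join(profile_dir, "Preferences"), encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    # Runs against the constructed sample; pass load_preferences(<profile dir>) for a real profile.
    for hit in find_sideloaded_extensions(SAMPLE_PREFERENCES):
        print(f"{hit['name']} {hit['version']} ({hit['id']}): " + "; ".join(hit["reasons"]))
```

A store-installed extension yields a relative path under the profile's Extensions directory and `from_webstore: true`, so it produces no finding; the sideloaded record trips all three checks. On a managed fleet the same logic can be run from an endpoint agent against each user's profile, and a duplicate extension name with a non-store record is the signal to inspect.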
News URL

https://www.bleepingcomputer.com/news/security/bluenoroff-hackers-steal-crypto-using-fake-metamask-extension/