Microsoft’s security division has investigated an attack in which a malicious actor targeted various cryptocurrency investment firms.
The threat actor, identified as DEV-013, was able to infiltrate chat groups on the popular messaging app Telegram and pose as a representative of a cryptocurrency investment firm. They pretended to talk about trading fees with VIP clients of major exchanges. The hacker had extensive knowledge of the subject, which made it easier for them to gain the trust of their victim.
They intended to dupe cryptocurrency investment funds into downloading an Excel file. While the document contains accurate information about the fee structures of major cryptocurrency exchanges, it also contains a malicious macro that executes another Excel sheet in the background. This allows the bad actor to gain remote access to the infected system of the victim.
Microsoft’s findings also imply that there may be other campaigns targeting crypto companies that use the same techniques. According to the tech titan, the cryptocurrency industry is “a field of interest” for cybercriminals. They can target both large and small businesses. Microsoft advises taking additional precautionary measures to avoid such attacks.
This August, cybersecurity company Check Point Software Technologies discovered a cryptocurrency mining malware campaign that had infected over 111,000 users. Microsoft and the world’s largest chipmaker Intel announced a partnership last April to prevent malicious crypto mining.
