CDS Crypto News An Attacker Is Using Telegram Chats to Target Rich Crypto Funds
Crypto News

An Attacker Is Using Telegram Chats to Target Rich Crypto Funds

536
An Attacker Is Using Telegram Chats To Target Rich Crypto Funds

According to a report published last week by Microsoft‘s Security Intelligence team, the attacker known as DEV-0139 is targeting rich cryptocurrency funds using Telegram group conversations in current crypto-focused attacks.

Crypto Attacks

Mutual funds and wealthy traders are largely struggling with the transaction fees imposed by cryptocurrency exchanges. To reduce their negative impact on margins and earnings, and because they are costly, they need to be optimized. Like many other businesses in this industry, stock market fees make up the majority of expenses. The attacker or a gang of attackers, on the other hand, used this particular problem to manipulate crypto fund targets.

Joining several Telegram groups popular with high-profile users and exchanges, DEV-0139 chose its targets from the groups. According to the information in the Microsoft report, exchanges such as OKX, Huobi, and Binance were the target of this attack.

What Did DEV-0139 Do?

While directing his target to a different chat group, DEV-0139 pretended to be an exchange employee and pretended to ask for opinions on the cost structures used by exchanges. After gaining the trust of the target, he lured the victims into a conversation in which he gradually manipulated them using their industry knowledge and readiness.

DEV-0139 then sent a weaponized Excel file containing precise information about the fee structures of various bitcoin exchange companies, in an attempt to boost his reputation. A number of actions were initiated by the Excel file, including retrieving data using a malicious application and leaving another Excel sheet. Running in incognito mode, this page was then used to download an image file containing three executable files: a secure Windows file, a malicious DLL file and an XOR-encoded backdoor.

The backdoor was then used by the threat actor to gain remote access to the compromised system. Microsoft, on the other hand, claimed that DEV-0139 may have used similar strategies before.

References

www.coindesk.com

Written by
lectertodd

Lectertodd is 27 years old. She graduated from Çankaya University, Department of Psychology, in 2021. She actively works as a writer, translator, and editor for various websites. Moreover, she loves reading, researching, and learning new things.

Leave a comment

Leave a Reply

Related Articles

Crypto Market Trends: Best Tokens for December 2024

Discover the top cryptocurrencies to watch in December 2024, including EarthMeta, Bitcoin,...

Bitcoin Price: BTC Rebounds After Flash Volatility

Bitcoin bounces back to $97K after political turmoil in South Korea, with...

RLUSD Stablecoin: Ripple’s December 4 Launch Date Announced

Ripple is set to launch its US dollar-backed stablecoin, RLUSD, on December...

Rollblock Crypto Surge: 270% Increase in RBLK Token Amid Solana and PEPE Struggles

Rollblock's RBLK token has surged 270% amid a market downturn for Solana...