According to cybersecurity firm Recorded Future, North Korean hacker groups have swiped around $3 billion since 2017, with BlueNoroff—an infamous North Korean hacking crew—now going after crypto companies using fresh macOS-targeting malware.
SentinelLabs’ report reveals that this latest malware, dubbed “Hidden Risk,” is delivered by phishing email with a lure that looks like a PDF (fake news headlines and credible-looking crypto market research) but is in fact a macOS application dressed up as one. When the victim opens it, a harmless decoy PDF is displayed while the malware quietly installs a backdoor in the background, giving BlueNoroff access to the Mac and a path to sensitive data such as private keys for digital wallets.
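The decoy trick above works because a file named like a PDF is not necessarily a PDF. The script below is an added example (not code from SentinelLabs or from the report) that classifies a download by its real content rather than its name: a genuine PDF starts with the `%PDF-` header, a native macOS executable starts with a Mach-O magic number, and a macOS application is a directory with `Contents/Info.plist`. The sample files it builds are constructed stand-ins, not real malware, and the file names are invented.

```python
"""Flag downloads whose name says "PDF" but whose content says otherwise.

Added example, not from the page or the SentinelLabs report. The "Hidden
Risk" lure is described as a PDF that shows a decoy while a backdoor installs;
on macOS such a lure is typically an application or Mach-O binary carrying a
PDF-looking name. Classifying by content catches that before anything is opened.
"""
import os
import struct
import tempfile

PDF_MAGIC = b"%PDF-"
# Mach-O thin binaries (32/64-bit, both byte orders) and the byte-swapped fat
# magic. 0xCAFEBABE (fat, big-endian) is handled separately because Java class
# files start with the same four bytes.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # MH_MAGIC / MH_CIGAM
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64 / MH_CIGAM_64
    b"\xbe\xba\xfe\xca",                       # FAT_CIGAM
}


def classify(path):
    """Return 'app-bundle', 'macho', 'pdf' or 'unknown' from content alone."""
    if os.path.isdir(path):
        # A .app is a directory; Launch Services treats it as an application
        # when Contents/Info.plist is present.
        if os.path.isfile(os.path.join(path, "Contents", "Info.plist")):
            return "app-bundle"
        return "unknown"
    with open(path, "rb") as f:
        head = f.read(8)
    if head.startswith(PDF_MAGIC):
        return "pdf"
    if head[:4] == b"\xca\xfe\xba\xbe":
        # Fat Mach-O: the next big-endian word is a small architecture count.
        # A Java class file has a large version number there instead.
        nfat = struct.unpack(">I", head[4:8])[0] if len(head) >= 8 else 0
        return "macho" if 0 < nfat < 64 else "unknown"
    if head[:4] in MACHO_MAGICS:
        return "macho"
    return "unknown"


def looks_like_pdf(path):
    """True if the name presents the item as a PDF (ignoring a trailing .app)."""
    name = os.path.basename(path).lower()
    if name.endswith(".app"):
        name = name[:-4]
    return name.endswith(".pdf")


def verdict(path):
    """Compare the claimed type (name) with the actual type (content)."""
    kind = classify(path)
    if looks_like_pdf(path) and kind != "pdf":
        return f"MISMATCH: '{os.path.basename(path)}' is {kind}, not a PDF"
    return f"ok: {kind}"


def build_samples(root):
    """Constructed samples (hypothetical names, not real malware):
    a genuine PDF, a Mach-O binary renamed to .pdf, and an app bundle
    whose name ends in .pdf before the .app suffix."""
    paths = {}
    p = os.path.join(root, "market_research.pdf")
    with open(p, "wb") as f:
        f.write(b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n")
    paths["real_pdf"] = p

    p = os.path.join(root, "Bitcoin Outlook.pdf")
    with open(p, "wb") as f:  # MH_CIGAM_64 header followed by zero padding
        f.write(b"\xcf\xfa\xed\xfe" + struct.pack("<I", 0x0100000C) + b"\x00" * 24)
    paths["renamed_macho"] = p

    p = os.path.join(root, "Crypto Report.pdf.app")
    os.makedirs(os.path.join(p, "Contents", "MacOS"))
    with open(os.path.join(p, "Contents", "Info.plist"), "w") as f:
        f.write('<plist version="1.0"><dict></dict></plist>\n')
    paths["bundle"] = p
    return paths


def run_demo():
    """Build the samples in a temporary directory and return {label: verdict}."""
    with tempfile.TemporaryDirectory() as root:
        return {label: verdict(path) for label, path in build_samples(root).items()}


if __name__ == "__main__":
    for label, result in run_demo().items():
        print(f"{label}: {result}")
```

In practice the same check belongs wherever a mail gateway or endpoint agent sees a new download: a `.pdf` whose content is Mach-O or an app bundle is worth quarantining regardless of whether it carries a valid developer signature, since the lure's whole purpose is to look like a document.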
The FBI has repeatedly sounded the alarm on BlueNoroff and the larger Lazarus Group, warning crypto firms to boost security measures. Since 2022, BlueNoroff has ramped up phishing attacks, setting up fake domains to mimic legitimate VC firms and infiltrate target computers. More recently, in September 2024, the FBI noted that Lazarus was back at it with social engineering schemes, offering fake job opportunities to employees at exchanges and DeFi firms. Once trust was established, victims clicked on links that opened the door for hackers to access and drain funds from their desktop wallets.