In a recent case of crypto cybertheft, a hacker identified as DEV-0139 has been targeting wealthy cryptocurrency investment funds through Telegram group chats, Microsoft’s (MSFT) Security Intelligence team stated in a report on Wednesday.
Fees attached to transactions by cryptocurrency exchanges are a major obstacle for investment funds and wealthy traders. They are a cost that must be optimized to limit the effect on margins and gains, and the biggest such expenses come from the fees exchanges charge on transactions.
Hackers seek to exploit Telegram chats to cart away crypto funds
The hacker or group of hackers’ plan is to exploit this particular problem and use it to lure their target funds. DEV-0139 joined numerous Telegram groups filled with high-profile investors and exchanges for communication, picked out targets among these group members and began working on them. The OKX, Huobi and Binance exchanges were targeted, according to data in the Microsoft report.
Posing as exchange staff, DEV-0139 invited the targets to a separate chat group and asked for feedback on the transaction fee model implemented by these crypto exchanges. They then started a discussion to build rapport, deploying extensive knowledge of the industry and an eager manner to draw victims in gradually.
DEV-0139 then forwarded a weaponized Excel file containing genuine information about fee structures at cryptocurrency exchanges, with the aim of boosting its credibility.
The Excel file set off a chain of actions: a malicious program retrieved data and dropped a second Excel sheet, which was then run in invisible mode and used to download a picture file containing three executables: a legitimate Windows file, a malicious version of a DLL file and an XOR-encoded back door.
A DLL is a library containing code and data that can be used by more than one program at the same time. XOR, meanwhile, is an encryption method used to encrypt data and is hard to crack by brute force.
The hacker was then able to remotely access the infected system through the back door. Microsoft said DEV-0139 may also have run other campaigns using similar techniques.
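The picture file carrying an XOR-encoded executable, as described above, is something a defender can hunt for directly. The following is an added triage example, not code from the Microsoft report or this article: it tries every single-byte XOR key against a file, using the fixed "MZ" signature and DOS-stub text that every Windows executable carries as a crib, then confirms the recovered header by following e_lfanew to the "PE" signature. The sample "picture" and the fake executable inside it are constructed inline so the script runs offline; a real dropper may use a longer key, which this single-byte scan does not cover.

```python
"""
Triage helper: look for a Windows executable hidden inside an arbitrary file
(for example a downloaded picture) under single-byte XOR encoding.

Added example; not from the Microsoft report or the article. The 'picture'
scanned at the bottom is constructed here so the script runs offline.
"""
from __future__ import annotations

import struct

# Constants every PE file carries near its start. Because they are fixed,
# an XOR-encoded copy of them leaks the key: decoding with the right key
# makes them reappear.
MZ_SIGNATURE = b"MZ"
DOS_STUB = b"This program cannot be run in DOS mode"
PE_SIGNATURE = b"PE\x00\x00"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte. XOR is its own inverse, so this both
    encodes and decodes; a 256-entry translation table keeps it fast."""
    table = bytes(i ^ key for i in range(256))
    return data.translate(table)


def find_xor_encoded_pe(blob: bytes) -> list[tuple[int, int]]:
    """Try all 256 single-byte keys; return (key, mz_offset) for every decoding
    in which the DOS stub text appears with an "MZ" shortly before it.
    Key 0 covers an unencoded executable. Multi-byte keys are out of scope."""
    hits = []
    for key in range(256):
        decoded = xor_bytes(blob, key)
        search_from = 0
        while True:
            stub_off = decoded.find(DOS_STUB, search_from)
            if stub_off == -1:
                break
            # The stub lives in the DOS header, so "MZ" sits within 256 bytes before it.
            mz_off = decoded.rfind(MZ_SIGNATURE, max(0, stub_off - 0x100), stub_off)
            if mz_off != -1:
                hits.append((key, mz_off))
            search_from = stub_off + 1
    return hits


def carve_pe(blob: bytes, key: int, mz_offset: int) -> bytes | None:
    """Decode from the candidate "MZ" to the end of the blob and confirm the PE
    signature via e_lfanew (the 4-byte little-endian offset stored at 0x3C of
    the DOS header). Returns the decoded bytes, or None if the header is bogus."""
    decoded = xor_bytes(blob[mz_offset:], key)
    if len(decoded) < 0x40 or decoded[:2] != MZ_SIGNATURE:
        return None
    e_lfanew = struct.unpack_from("<I", decoded, 0x3C)[0]
    if e_lfanew + 4 > len(decoded) or decoded[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        return None
    return decoded


def triage(blob: bytes) -> list[dict]:
    """One-call summary: each candidate with its key, offset and whether a
    structurally valid PE header was recovered."""
    return [
        {"key": key, "offset": off, "valid_pe": carve_pe(blob, key, off) is not None}
        for key, off in find_xor_encoded_pe(blob)
    ]


def _build_fake_pe() -> bytes:
    """Constructed stand-in for an executable: a DOS header with a correct
    e_lfanew, the stub text and a PE signature. It is not runnable code."""
    header = bytearray(0x80)
    header[0:2] = MZ_SIGNATURE
    header[0x3C:0x40] = struct.pack("<I", 0x80)  # e_lfanew -> PE signature at 0x80
    header[0x40:0x40 + len(DOS_STUB)] = DOS_STUB
    return bytes(header) + PE_SIGNATURE + b"\x00" * 16


FAKE_PE = _build_fake_pe()
SAMPLE_KEY = 0x5A  # constructed key, chosen arbitrarily
# Constructed "picture": PNG magic, some filler, then the XOR-encoded executable.
SAMPLE_IMAGE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64 + xor_bytes(FAKE_PE, SAMPLE_KEY)


if __name__ == "__main__":
    for hit in triage(SAMPLE_IMAGE):
        print(f"key=0x{hit['key']:02x} offset={hit['offset']} valid_pe={hit['valid_pe']}")
```

Running the script reports one candidate at key 0x5a, offset 72, with a valid PE header. In practice the same scan is run over files that an Office process wrote or downloaded shortly after opening a document; a hit with a valid header in a file that claims to be an image is a strong signal on its own, regardless of how the dropper is otherwise packaged.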
“To identify the targets, the threat actor sought out members of cryptocurrency investment groups on Telegram. In the specific attack, DEV-0139 got in touch with their target on October 19, 2022, by creating a secondary Telegram group with the name <NameOfTheTargetedCompany> <> OKX Fee Adjustment and inviting three employees.
“The threat actor created fake profiles using details from employees of the company OKX. The screenshot below shows the real accounts and the malicious ones for two of the users present in the group,” the report states.
Crypto investors need to be more careful
This is a stern warning to crypto investors, as attackers are all over the market looking for opportunities to exploit. The market has suffered a good number of catastrophic and unprecedented events, and traders have been left stunned and uncertain by the sector’s many twists.
The revelation that attackers are using Telegram chats is a clear warning for crypto traders who are careless and inattentive to suspicious moves. To avoid avoidable losses, crypto investors must stay alert and be ready to question every offer and every move.