Cross chains, beware! deBridge flags attempted phishing attack, suspects Lazarus Group


Cross-chain protocols and Web3 firms continue to be targeted by hacking groups as deBridge Finance unpacks a failed attack that bears the hallmarks of North Korea’s Lazarus Group hackers.

deBridge Finance employees received what looked like another ordinary email from co-founder Alex Smirnov on a Friday afternoon. An attachment labeled ‘New Salary Adjustments’ was bound to pique interest, with various cryptocurrency firms instituting staff layoffs and pay cuts during the ongoing cryptocurrency winter.

How To Get Free Crypto  

A handful of employees flagged the email and its attachment as suspicious, but one staff member took the bait and downloaded the PDF file. This would prove fortuitous, as the deBridge team worked on unpacking the attack vector sent from a spoof email address designed to mirror Smirnov’s.

The co-founddelved into the intricacies of the attempted phishing attack in a lengthy Twitter thread posted on Aug. 5, acting as a public service announcement for the wider cryptocurrency and Web3 community:

Smirnov’s team noted that the attack would not infect macOS users, as attempts to open the link on a Mac leads to zip archive with the normal PDF file Adjustments.pdf. However Windows-based systems are at risk as Smirnov explained:

“The attack vector is as follows: user opens link from email, downloads & opens archive, tries to open PDF, but PDF asks for a password. User opens password.txt.lnk and infects the whole system.”

The text file does the damage, executing a cmd.exe command which checks the system for anti-virus software. If the system is not protected, the malicious file is saved in the autostart folder and begins to communicate with the attacker to receive instructions.

Coinbase Banner  

Related: ‘Nobody is holding them back’ — North Korean cyber-attack threat rises

The deBridge team allowed the script to receive instructions but nullified the ability to execute any commands. This revealed that the code collects a swathe of information about the system and exports it to attackers. Under normal circumstances, the hackers would be able to run code on the infected machine from this point onward.

Smirnov linked back to earlier research into phishing attacks carried out by the Lazarus Group which used the same file names:

2022 has seen a surge in cross-bridge hacks as highlighted by blockchain analysis firm Chainalysis. Over $2 billion worth of cryptocurrency has been fleeced in 13 different attacks this year, accounting for nearly 70% of stolen funds. Axie Infinity’s Ronin bridge has been the worst hit so far – losing $612 million to hackers in March 2022.

Go to Source
Author: Gareth Jenkinson

Recommended Crypto Services, Products and Strategies:

The first thing any crypto investor needs is is a reliable and secure Crypto Wallet.  Whether you’re looking for an online wallet, hardware wallet, desktop or mobile wallet, Crypto Renegade provides you with all the Best Crypto Wallets in each category.

FreeBitcoin Banner  

Best Crypto Wallets Banner

When you’re ready to buy more crypto, or exchange your coins for others, Crypto Renegade’s list of the Best Crypto Exchanges has you covered.  The Crypto Exchanges recommended here offer everything from simplicity and convenience to advanced trading platforms and profit sharing. 

Best Crypto Exchanges Banner

If you want to learn more about the methods and tools that can be used to find Great Crypto Projects, then be sure to check out Crypto Renegade’s strategy for How To Find The Best Cryptocurrency.

Crypto Strategy Banner

For those people that don’t have any money to invest right now, or just want to understand the technology a bit more, you’ll definitely want to check out Crypto Renegade’s Free Crypto Strategy and start collecting Free Coins today!

Free Crypto Banner

What do you think about cryptocurrency? Do you have any questions about it? Be sure to leave a comment below.

This site uses Akismet to reduce spam. Learn how your comment data is processed.