'Hidden Risk' is a new crypto hack campaign launched by hackers connected to the Lazarus group, a hacker group known to have affiliations with North Korea.
In this attack, the hackers used sophisticated phishing techniques and disguised financial reports to spread malware. The main targets are crypto traders and companies in the DeFi industry, which the attackers treat as a source of revenue by taking advantage of security flaws.
Researchers at Sentinel Labs revealed that the malware used in this campaign was able to infiltrate macOS devices and bypass Apple's Gatekeeper security system. By using a valid Apple Developer ID, hackers were able to trick the security system and ensure the malware continued to run in the background even after the device was restarted.
The hackers behind 'Hidden Risk' are using increasingly sophisticated phishing tactics disguised as email notifications about the latest trends in the crypto market, particularly reports related to BTC and DeFi. They send legitimate-looking emails, complete with PDF links that victims believe lead to the latest financial or trend reports. However, when the victim downloads and opens the file, malware is immediately installed on their device.
Not only does this malware steal users' login data and financial information, but it can also monitor victims' activity and connect to servers controlled by North Korea. This covert tactic shows that the attackers are getting better at luring victims and at understanding the psychology of traders, who often want quick access to the latest information.