North Korean hackers have new tactics

According to an FBI report, North Korean hackers are actively targeting the cryptocurrency industry and are expanding their attack scope through "well-disguised" attack methods.

Recently, software security company McAfee discovered a new Android malware called SpyAgent. This malware can quietly steal screenshots, images and other files stored on smartphones, and automatically identify private keys, mnemonics and other important information.

How does malware get into your phone?

McAfee pointed out that SpyAgent uses seemingly normal messages sent by text message, email and similar channels to lure unsuspecting users into clicking malicious links, which redirect them to seemingly legitimate websites.

These websites are often disguised as banking applications, government applications, streaming media services, or airdrops for various cryptocurrency projects, further lowering users' guard. Once users download and install the linked applications, the SpyAgent malware is installed on the phone at the same time.

Once installed, the malware asks users for permission to access contacts, messages and local storage, making it easy for hackers to gain access to users' personal data.
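A defender-side check for the permission pattern described above, as an added example that is not from McAfee or the original article: it reads a decoded AndroidManifest.xml and flags an app that requests contacts, messages and storage access together. The permission names chosen for each category, the function names and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# android:name lives in the Android XML namespace, so a bare "name" lookup finds nothing.
NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"

# Assumed mapping of the article's three categories to Android permission names.
CATEGORIES = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "messages": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.READ_MEDIA_IMAGES",
                "android.permission.MANAGE_EXTERNAL_STORAGE"},
}

def requested_permissions(root):
    """Collect names from both permission tags an app can declare."""
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = (node.get(NAME_ATTR) or "").strip()
            if name:
                perms.add(name)
    return perms

def review(manifest_xml):
    """Flag an app only when it asks for all three categories at once."""
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    evidence = {c: sorted(perms & names) for c, names in CATEGORIES.items() if perms & names}
    return {"package": root.get("package", "?"),
            "categories": sorted(evidence),
            "flag": len(evidence) == len(CATEGORIES),
            "evidence": evidence}

# Constructed sample manifests (not taken from any real app).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SUSPECT = f"""<manifest {NS} package="com.example.streamplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>"""
GALLERY = f"""<manifest {NS} package="com.example.gallery">
  <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT, GALLERY):
        print(review(sample))
```

The manifest inside an APK is binary XML, so decode it to text first (for example with apktool) before passing it in.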

Attention if you like screenshots!

What sets SpyAgent apart is that it does not simply steal text, as earlier malware did. It uses a technology called optical character recognition (OCR) to extract the text in screenshots, so not only the text data on your phone but also information saved in images can be read.

In the cryptocurrency community, many people with insufficient security awareness save important information such as mnemonics and private keys as screenshots, for convenience when transferring and importing wallets. Even after deletion, a copy will remain in the phone's downloaded files.

After intrusion, this technology can easily obtain these images, identify key information such as mnemonics and wallet addresses, and convert them into text for hackers to use.

Mac users are not immune either

In addition to Android systems, Mac users also face similar threats. In August this year, security researchers discovered a piece of malware called "Cthulhu Stealer" that specifically targeted macOS systems.

Like SpyAgent, this malware masquerades as a legitimate application and, once installed, will steal users' personal information, including MetaMask passwords, IP addresses, and even private keys from cold wallets.

Microsoft browser vulnerabilities also become targets

In addition to Android and macOS, the Google Chrome browser has also begun to be targeted by hackers. In August this year, Microsoft discovered that the North Korean hacker group Citrine Sleet had created a fake cryptocurrency exchange website and sent "high-paying job openings, job applications" to employees of major companies, luring them to click on malicious links.

Once users click and view these links, remotely controlled malware is installed on their systems, ultimately leading to the leakage of important company information and theft of cryptocurrency.

As the cryptocurrency market grows, so does the threat of hacking attacks. From SpyAgent to Cthulhu Stealer to browser vulnerabilities, each attack shows how hackers are evolving at a rapid pace.

Cryptocurrency investors should remain highly vigilant and take security measures to protect their assets from various attacks by hackers.