With the continuous evolution of cyber threats, BlackBerry has recently detected multiple malware families that target crypto assets and are driving large-scale campaigns to steal cryptocurrency from vulnerable devices. In the recent edition of ‘The BlackBerry Global Threat Intelligence Report,’ the once-dominant smartphone giant highlighted the finance, healthcare, and government sectors as the industries most targeted by cyberattacks. Analyzing a period spanning from March to May 2023, BlackBerry’s cybersecurity solutions successfully prevented over 1.5 million attacks. During this time, the company found that the crypto industry has become an attractive target for fraudsters preying on unsuspecting victims. Attackers are now employing various techniques to bypass traditional defense mechanisms, specifically targeting outdated solutions that rely on signatures and hashes.
BlackBerry’s comprehensive telemetry has identified an emerging trend involving the use of commodity malware, such as the infamous ‘RedLine’. This versatile malware is capable of extracting highly sensitive information, including saved credentials, credit card details, and cryptocurrency data. Another prominent malware family, ‘SmokeLoader’, has consistently plagued the threat landscape. Known since its debut in 2011, SmokeLoader has gained significant popularity over the years. Initially tied to Russia-based threat actors until 2014, SmokeLoader has been used to distribute a wide range of malicious software, including ransomware, infostealers, crypto miners, and banking Trojans. It is distributed primarily through spam emails, weaponized documents, and targeted spearphishing attacks. Once it has infiltrated a victim’s system, SmokeLoader establishes a persistence mechanism to survive reboots, hides within legitimate processes through DLL injection, enumerates the host system, and downloads and installs additional files or malware, further compounding its malicious activity.
One of the most concerning threats in the landscape is RaccoonStealer, an infostealer explicitly designed to harvest sensitive information such as browser cookies, passwords, browser auto-fill data, and cryptocurrency wallet credentials. This malware has gained infamy for being offered as ‘Malware-as-a-Service’ (MaaS) on dark web forums and similar platforms. The rise of Linux systems as targets is also noteworthy, as adversaries aim to hijack computing resources for cryptocurrency mining, focusing in particular on privacy-centric assets such as Monero. Moreover, macOS users now face a new menace in the form of an infostealer called Atomic macOS. This malware is tailored to extract credentials from keychains, web browsers, and cryptocurrency wallets, along with other sensitive data stored on macOS devices.
BlackBerry’s threat intelligence report reveals that the United States has had the highest number of attacks successfully thwarted. However, during the reporting period, the Asia-Pacific (APAC) region witnessed a significant surge, with South Korea and Japan now ranking among the top three countries affected by cyber threats. Notably, New Zealand and Hong Kong have made noteworthy progress in securing positions within the top 10 countries in terms of attack prevention.
The digital landscape is evolving rapidly, with threat actors continually finding new ways to exploit vulnerabilities in emerging technologies. The rise of malware campaigns targeting the crypto industry is alarming and demands immediate attention from organizations operating in this sector. Increased investment in robust cybersecurity solutions is essential to keep vital assets from falling into the wrong hands. BlackBerry’s dedication to identifying and mitigating cyber threats is commendable, but broader collective efforts are needed to counter the ever-increasing sophistication of malicious actors. By staying vigilant, implementing up-to-date defense mechanisms, and prioritizing cybersecurity, individuals and organizations can significantly reduce the risk of falling victim to crypto-stealing malware.