North Korean hackers are persuading Telegram users to download ‘crypto storages’ that are laced with malware built to steal their funds. Microsoft has issued a warning on the matter.
How attackers invade Telegram groups
According to Bloomberg’s recent investigation, the North Korean hacking group Lazarus has developed a new approach to stealing crypto assets. The publication reports that the group tricks people into downloading, via the Telegram app, a malicious file that installs Windows-specific malware. Once the machine is compromised, the attackers have immediate access to any cryptocurrency stored on it.
One such app is called Samora. It promises users a safe place to store their cryptocurrencies but is, in fact, laden with North Korean malware. Links to the app circulated on Telegram, sending users to a website that hosts the installer. It is unclear how many people fell for the scam and installed the app, since it is not available on Google Play or the App Store and so there are no store download figures to go by.
On Dec. 6, Microsoft warned that attackers are infiltrating crypto-related Telegram group chats and encouraging members to download malware disguised as cryptocurrency software. In one case, the attackers invoked the Binance and OKX brand names to build credibility with potential victims, then directed them to malicious Excel files. A brand name dropped in a chat is no assurance of origin: a spreadsheet or installer that arrives through a group chat rather than from an exchange’s own site or an official app store should be treated as untrusted until it has been checked.
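The Excel lure above is the delivery step a defender can actually inspect before anyone opens the file. The following is an added triage example, not code from the article or from Microsoft: it unpacks an Office Open XML workbook (xlsx/xlsm are zip containers) and flags the parts that carry executable or externally-fetched content, namely an embedded VBA project, OLE embeddings and external links. The two sample workbooks are constructed in memory with placeholder contents and are not real malware; the file layout and the `triage_office_file` / `is_suspicious` helper names are this example's own.

```python
import io
import zipfile


def build_sample_workbook(with_macro: bool) -> bytes:
    """Construct a minimal, harmless Office Open XML container in memory.
    The vbaProject.bin payload is a placeholder, not real VBA."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            # A macro-enabled workbook stores its VBA project here.
            zf.writestr("xl/vbaProject.bin", b"placeholder-not-real-vba")
    return buf.getvalue()


def triage_office_file(data: bytes) -> dict:
    """Inspect an Office Open XML file by its zip member names only.

    Nothing inside the file is parsed or executed; we look for the
    parts that can carry code or pull remote content:
      - xl/vbaProject.bin (or word/vbaProject.bin): VBA macros
      - */embeddings/*: embedded OLE objects (executables, scripts)
      - */externalLinks/*: references to other workbooks/URLs
    """
    result = {
        "is_ooxml": False,
        "has_vba": False,
        "has_ole_objects": False,
        "has_external_links": False,
    }
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Not a zip container: legacy .xls (OLE2) or something else entirely.
        return result
    names = [n.lower() for n in zf.namelist()]
    result["is_ooxml"] = "[content_types].xml" in names
    result["has_vba"] = any(n.endswith("vbaproject.bin") for n in names)
    result["has_ole_objects"] = any("/embeddings/" in n for n in names)
    result["has_external_links"] = any("/externallinks/" in n for n in names)
    return result


def is_suspicious(data: bytes) -> bool:
    """True when the workbook carries macros, OLE objects or external links."""
    r = triage_office_file(data)
    return r["is_ooxml"] and (
        r["has_vba"] or r["has_ole_objects"] or r["has_external_links"]
    )


if __name__ == "__main__":
    for label, sample in (
        ("clean workbook", build_sample_workbook(with_macro=False)),
        ("macro workbook", build_sample_workbook(with_macro=True)),
    ):
        print(label, "->", "SUSPICIOUS" if is_suspicious(sample) else "no code parts found")
```

This check deliberately looks only at container structure, so it is safe to run on an untrusted file; a positive result means the file belongs in a sandbox, not in Excel. Two caveats: legacy binary `.xls` files are OLE2 compound documents rather than zips and fall through to `is_ooxml == False`, so they need an OLE-aware tool such as oletools; and a clean result says nothing about what the spreadsheet asks the user to do next, which in this campaign was the point of the lure.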
The Lazarus Group is a cyber threat group attributed to North Korea that has been active since around 2009. It is notorious for attacking high-profile targets worldwide, including banks, media organizations, and government agencies.
The group is also suspected of being responsible for the 2014 Sony Pictures hack and the WannaCry ransomware attack of 2017.