The threat actor tracked as DEV-0139 has focused its attention on large cryptocurrency exchanges as well as smaller ones; businesses and exchange operators have been advised not to download unsolicited files, which may carry malicious content.

Microsoft Discovers New Hackers Tagged DEV-0139

A group of hackers tracked as DEV-0139 has employed a new technique that targets major crypto exchanges and corporations through the messaging app Telegram. Microsoft's security division came across this tactic while investigating cybercrime in the cryptocurrency sector.

High transaction fees charged by cryptocurrency exchanges are a significant concern for wealthy traders, who regard them as a cost that must be reduced to limit the impact on profitability.

According to records, exchanges charge the highest fees of any organization in the sector.

The hackers used this concern as their lure, misleading the exchanges they targeted.

The Hackers' Techniques

The hackers joined numerous Telegram channels used by prominent clients and exchange representatives to communicate and gather information. They targeted large firms, initiating conversations with representatives of exchanges including Binance.

Posing as a representative of one of the exchanges, DEV-0139 invited its targets into a separate chat group and asked about the fee structures in place.

Their detailed awareness of the issues being discussed among the top clientele of numerous exchanges and organizations allowed them to interact convincingly with the target and win their trust.

The hackers then shared a malicious Excel file containing accurate information on exchange fee structures; the genuine-looking content was intended to increase the credibility of the purported exchange.

Once a client downloads and opens the distributed Excel file, a hidden malicious file is automatically dropped onto the system; it collects information from the machine and writes it into another file.

The Excel file then runs covertly, without detection, downloading further files for the hackers to use.

A DLL file contains libraries of code and data that several programs can use at the same time, whereas XOR is a simple encryption technique that scrambles data so that it is harder to decode.
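As an added defender-side illustration (not code from this article or from Microsoft's report), the following Python script performs the static checks an exchange's security team could run on an Excel attachment like the one described before anyone opens it: it flags an embedded VBA project (macro code), lists embedded objects and external links, and shows that the XOR scrambling mentioned above reverses in a single pass once the key is known. The sample workbook, its fake macro part and the XOR key are all constructed inside the script.

```python
import io
import zipfile

# Constructed sample: a minimal Office Open XML workbook built in memory.
# A vbaProject.bin part stands in for embedded VBA macro code.
def build_sample_workbook(with_macro: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0 fake vba stream")
    return buf.getvalue()

def triage_workbook(data: bytes) -> dict:
    """Static checks run before opening an .xlsx/.xlsm attachment:
    macro presence, embedded OLE objects, and external link parts."""
    findings = {"has_macro": False, "embedded_objects": [], "external_links": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            low = name.lower()
            if low.endswith("vbaproject.bin"):
                findings["has_macro"] = True
            elif low.startswith("xl/embeddings/"):
                findings["embedded_objects"].append(name)
            elif low.startswith("xl/externallinks/"):
                findings["external_links"].append(name)
    return findings

def xor_decode(blob: bytes, key: bytes) -> bytes:
    """Repeating-key XOR is symmetric: applying the same key again restores
    the original bytes, so a recovered key decodes the payload in one pass."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(blob))

if __name__ == "__main__":
    print(triage_workbook(build_sample_workbook(True)))
    # Constructed: bytes scrambled with the single-byte key 0x5A, then restored.
    scrambled = xor_decode(b"constructed-payload", b"\x5a")
    print(xor_decode(scrambled, b"\x5a"))
```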

Through this backdoor, the hackers were eventually able to access the exchanges' databases.

By Richard Hines

Richard Hines is a respected news writer and analyst with a knack for uncovering the key elements of a story. His articles are insightful, informative, and thought-provoking, providing readers with a nuanced understanding of complex issues.