
BlackBerry Tackles Crypto Cyberattacks and the Threat Landscape

 1 year ago
source link: https://cryptomode.com/blackberry-tackles-crypto-cyberattacks-and-the-threat-landscape/

BlackBerry, once a formidable player in the smartphone sector, has recently exposed numerous malware families. These threats have been mobilized in substantial operations to steal cryptocurrency from unsuspecting victims. This information comes as part of BlackBerry’s August issue of ‘The Global Threat Intelligence Report.’

A Problematic Crypto Industry Outlook

The report revealed that finance, healthcare, and governmental sectors are most susceptible to cyber threats.

From March to May 2023, BlackBerry’s advanced cybersecurity infrastructure successfully thwarted over 1.5 million potential attacks. During this period, the company singled out the burgeoning cryptocurrency sector as a hotspot for fraud, filled with unsuspecting individuals that fraudsters tend to target.


The attackers continue to evolve and expand their arsenal, sidestepping defensive controls. They have mainly set their sights on legacy solutions that rely heavily on signatures and hashes, making these systems vulnerable.

A Surge in Commodity Malware Use for Cyberattacks

BlackBerry’s data analysis has identified a troubling rise in the use of commodity malware, such as ‘RedLine’. This invasive malware is proficient at siphoning sensitive information like saved passwords, credit card specifics, and crucial cryptocurrency data.

Among the numerous malware families discovered, ‘SmokeLoader’ is a primary concern. Having first surfaced in 2011, SmokeLoader has gained substantial popularity. Initially tied to Russian threat actors up to 2014, it has since been used to spread many kinds of malicious software, from ransomware and info stealers to cryptocurrency miners and banking Trojans.

Spam emails, booby-trapped documents, and spearphishing attacks are just some tactics used to spread SmokeLoader to its unsuspecting victims.

The Aftermath of a SmokeLoader Infiltration

After successfully breaching a victim’s system, SmokeLoader sets up a persistence mechanism to weather system reboots. It also employs DLL injection to hide within legitimate processes and conducts host enumeration. It then downloads and installs supplementary files or malware to perpetuate its malicious endeavors.

‘RaccoonStealer’ is another prominent malware designed to steal browser cookies, passwords, autofill web browser data, and cryptocurrency wallet information. Its notoriety has led to it being offered as Malware-as-a-Service (MaaS) on dark web forums and other platforms.

Targeted Operating Systems

Linux operating systems are no longer safe, as threat actors increasingly exploit computer resources for cryptocurrency mining, particularly of privacy-focused crypto-assets like Monero.

Moreover, a fresh danger has emerged for macOS users: an info stealer named ‘Atomic macOS’. It is programmed to steal credentials from keychains, browsers, and cryptocurrency wallets, along with other sensitive data, from macOS-based devices.

Geographical Impact of Cyberattacks

The United States is where BlackBerry has thwarted the most attacks. However, the company has noted a significant surge in cyberattack activity in the Asia-Pacific (APAC) region.

South Korea and Japan have entered the top three, demonstrating a substantial increase in cyber threat activity. Notably, New Zealand and Hong Kong have improved considerably, clinching spots within the top 10 in attack prevention.
