
Microsoft Warns of Scammers Targeting Crypto Startups With ‘Weaponized’ Excel Files

Updated by Geraint Price

In Brief

  • Ransomware has transformed from a fringe internet novelty to a massive illegal business with the help of crypto.
  • Crypto investment fund startups are being targeted by threat actors, according to a recent report by Microsoft.
  • The infamous North Korean group, Lazarus, was one of the leading names using ransomware attacks to their advantage.

Microsoft's security team has uncovered threat actors targeting crypto startups and says Telegram chats are being used to gain the trust of, and access to, other firms.

Ransomware is a malicious program, or malware, that blocks access to files on a computer until a fee is paid to the perpetrator. Like any other virus, it can spread between computers, bringing down whole networks. Over 30 years, ransomware has transformed from a fringe internet novelty to a massive illegal business.

Crypto Playing a Part

Cryptocurrencies have played a big part in the rise of ransomware. The anonymity of cryptocurrencies like Bitcoin has made ransomware even more appealing to cybercriminals. As hackers move and exchange cryptocurrency through a maze of accounts and across countless borders, it can become virtually untraceable. It isn’t easy to know exactly how much criminal activity relies on cryptocurrency.

Hackers might feel so secure in their anonymity that they set up customer care websites and portals to help victims send payments. They operate very much like legitimate businesses. 

These attacks can come in various forms, including illicit actors directly engaging with an organization within an industry for financial gain. While most of these hacks go undetected, a small share do come to light, as is the case here.

Threat Actor DEV-0139

The Microsoft Security Threat Intelligence team highlighted one attack targeting cryptocurrency startups. In a report dated Dec. 6, the team looked into a threat actor named “DEV-0139.”

The actor posed as a representative of a different crypto investment company and gained access through a Telegram chat, even asking for feedback on the fee structure used by crypto exchange platforms. After gaining trust, the actor sent a spreadsheet titled “OKX Binance & Huobi VIP fee comparison.xls.” However, it contained malicious code that could remotely access the victim’s system.

Zooming out, the entire attack, as compiled by Microsoft’s security team, looked like this: 

[Figure: Overview of the attack. Source: Microsoft]

Needless to say, the hacker had in-depth exposure to and knowledge of cryptocurrency companies, as is evident from the chart above. In addition, Microsoft identified another similar attack with a “similar mechanism as ‘logagent.exe’ and delivering the same payload.”

The infamous North Korean group, Lazarus, was one of the leading names using ransomware attacks to their advantage. 

Overall, given the rise in cryptocurrency and the large sums of money flowing in, companies and individuals need to maintain caution against such risks.


Shubham Pandey
An engineer and an accountant by degree, Shubham ventured into the crypto world to pursue his passion. He believes digital currencies will redefine our economies in the decades to come, which drove his transition into this industry. Shubham has a multicultural background, having lived across India, Qatar, Oman and Australia. He is currently settled in Melbourne. As a News Writer, Shubham aims to actively analyze trends in the crypto world and break it down for everyday readers.