Inside the BlueNoroff Web3 macOS Intrusion Analysis

June 23, 2025, 8:19 p.m.

Description

A detailed analysis of a sophisticated intrusion targeting a cryptocurrency foundation employee is presented. The attack, attributed to the North Korean APT group BlueNoroff, began with a social engineering lure via Telegram, leading to the installation of malicious software disguised as a Zoom extension. The intrusion involved multiple stages of malware deployment, including persistent implants, backdoors, keyloggers, and cryptocurrency stealers. The attackers utilized advanced techniques such as process injection on macOS and leveraged various tools to collect sensitive information, particularly focusing on cryptocurrency-related data. The analysis covers the initial access vector, technical details of the malware components, and their functionalities, providing insights into the evolving tactics of state-sponsored threat actors targeting macOS systems.

Date

  • Created: June 19, 2025, 7:38 a.m.
  • Published: June 19, 2025, 7:38 a.m.
  • Modified: June 23, 2025, 8:19 p.m.

Indicators


Additional Information

  • Cryptocurrency