The cybersecurity landscape is constantly evolving, with new threats emerging every day. BlackBerry, a pioneer in the smartphone industry, has recently detected several malware families that are being used to run massive campaigns aimed at stealing cryptocurrencies from unsuspecting victims. In its recent report, titled ‘The BlackBerry Global Threat Intelligence Report,’ the company highlights the top three industries facing the highest distribution of cyberattacks, namely finance, healthcare, and government.

During the period from March 2023 to May 2023, BlackBerry’s cybersecurity solutions successfully prevented over 1.5 million attacks. The report reveals that the crypto industry has become a prime target for fraudsters who prey on unsuspecting individuals. These attackers are constantly adapting and expanding their range of tools to evade defensive controls, specifically targeting legacy solutions that rely on signatures and hashes.

The Rise of Commodity Malware

BlackBerry’s telemetry has identified a concerning trend in the usage of commodity malware such as ‘RedLine.’ This particular malware is capable of extracting various sensitive information from infected devices, including saved credentials, credit card details, and cryptocurrency data. Another notable malware family is ‘SmokeLoader,’ which has been an ongoing threat in the cybersecurity landscape since its first appearance in 2011. Initially associated with Russian-based threat actors, SmokeLoader has evolved into a versatile tool used to distribute various types of malware, ranging from ransomware to crypto miners and banking Trojans.

The distribution of SmokeLoader occurs through spam emails, weaponized documents, and spearphishing attacks. Once it infiltrates a victim’s system, SmokeLoader establishes persistence mechanisms to survive reboots and employs DLL injection techniques to camouflage itself within legitimate processes. It then proceeds to conduct host enumeration and download/install additional files or malware to carry out its malicious activities.

Infostealers, such as ‘RaccoonStealer,’ have gained notoriety for their ability to acquire sensitive data, including browser cookies, passwords, auto-fill web browser data, and cryptocurrency wallet information. What makes RaccoonStealer particularly alarming is its accessibility as a Malware-as-a-Service (MaaS) offering on dark web forums and similar platforms. This availability enables cybercriminals with little technical expertise to access advanced hacking tools, amplifying the scale of the threat.

While Windows operating systems have traditionally been the primary targets for cyberattacks, Linux and macOS systems have also come under the crosshairs of threat actors in recent years. Linux operating systems, in particular, are attracting attention as cybercriminals seek to exploit computer resources for cryptocurrency mining. Monero, a privacy-centric crypto-asset, is the main target for such mining activities on Linux systems.

On the other hand, macOS users are now facing a new threat in the form of an infostealer called ‘Atomic macOS.’ This malware is specifically designed to collect credentials from keychains, browsers, cryptocurrency wallets, and other sensitive data stored on macOS-based devices. The rise of macOS-targeting malware highlights the evolving tactics employed by threat actors to diversify their attacks across different platforms.

BlackBerry has reported that the highest number of attacks has been thwarted in the United States. However, during the reporting period, the company observed a significant surge in cyberattacks in the Asia-Pacific (APAC) region, with South Korea and Japan now ranking among the top three countries in terms of attack prevention. It is worth noting that New Zealand and Hong Kong have also made significant progress, securing positions within the top 10.

As the cybersecurity landscape continues to evolve, it is crucial for individuals and organizations to stay vigilant against emerging threats. The rise of malware families targeting the crypto industry, the prevalence of commodity malware, the accessibility of MaaS offerings, and the increasing threat to Linux and macOS systems all underline the need for robust cybersecurity measures.

BlackBerry’s Global Threat Intelligence Report serves as a reminder that the fight against cybercrime is an ongoing battle. It is imperative for individuals and organizations to prioritize cybersecurity and invest in advanced solutions to protect sensitive data and prevent financial losses. With constant advancements in technology, cybercriminals will continue to find new ways to exploit vulnerabilities. Only through proactive measures and a collective effort can we ensure a safer digital environment for everyone.
