Kaspersky have previously reported on cryptocurrency-focused BlueNoroff attacks.
It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income.
These attackers even took the long route of building fake cryptocurrency software development companies in order to trick their victims into installing legitimate-looking applications that eventually receive backdoored updates.
Kaspersky reported about the first variant of such software back in 2018, but there were many other samples to be found, which was later reported by the US CISA (Cybersecurity and Infrastructure Security Agency) in 2021.