TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
Intrusions begin with a large number of spearphishing messages sent to employees of cryptocurrency companies, often those working in system administration or software development/IT operations (DevOps), on a variety of communication platforms.
The messages often mimic a recruitment effort and offer high-paying jobs to entice the recipients to download malware-laced cryptocurrency applications, which the U.S. government refers to as “TraderTraitor.” The term TraderTraitor describes a series of malicious applications written in cross-platform JavaScript code that runs on the Node.js runtime environment and uses the Electron framework.
The malicious applications are derived from a variety of open-source projects and purport to be cryptocurrency trading or price prediction tools.