South Korean users of crypto exchange UpBit fell victim to a phishing attack

The South Korean cryptocurrency exchange might have fallen victim to hackers from neighboring North Korea. The attackers allegedly exploited smart phishing techniques, according to the report published by the security company East Security.

On May 28, the hacker or a group of hackers sent a malicious email to UpBit customers requesting additional information about customer’s fictional sweepstakes payout. However, the company never sent such email and it did not come from any of the servers belonging the exchange.

The mail contained an attachment with the documentation for the payout. Once a user opened the fine, it would run a malicious code embedded therein and sent information about the user’s machine along with their private keys and credentials to hackers. Moreover, the virus also connected the infected computer to a command and control system to allow hackers accessing it remotely.

“In analyzing attack tools and malicious codes used by hacker groups, there are unique characteristics we saw. As bitcoin prices rise, more and more customers are using exchanges. This means that the number of victims has increased, which means that the possibility of stealing passwords stored in the exchange has increased,” the head of the ESRC Center at East Security Mun Jong-hyun commented.

He also noted that similar attacks known as Operation Fake Striker were made on Korean government agencies in January. 

The hackers password-protected the file with the malicious code, which made it harder for traditional anti-virus tools to detect a threat. The experts urge users to be vigilant and never open or install suspicious files.

“We have not heard of any reported damage. In order to avoid cyber attacks, you should not install or click suspicious files or documents,” noted Mun Jong-hyun.