Hackers attack cryptocurrency owners on Telegram

Hackers from North Korea have come up with a new way to steal cryptocurrency — attackers attack owners of digital assets on Telegram.

According to Bloomberg, the hackers spread links to their Somora application on the messenger, which is supposed to keep users' digital assets safe. In fact, Somora is a cryptocurrency stealing malware. The goal of the hackers is to trick users into downloading the program to their phones and gaining access to the keys to the victims' cryptocurrency wallets.

It is currently unknown how many users have downloaded Somora and whether there are any victims. The malware can only be downloaded via a link from Telegram; the hacker app is not available on Google Play or the App Store. The link to the program is distributed on Telegram, directing users to the site where the file is hosted.

Telegram messenger is popular among cybercriminals for stealing cryptocurrency. A few days ago, Microsoft’s security team uncovered a cyberattack aimed at cryptocurrency startups. The hackers gained users' trust through a Telegram chat and sent an Excel file called «OKX Binance and Huobi VIP fee comparison. xls» that contained malicious code that could remotely access the victim’s system.

Although Microsoft did not name any specific suspects, cybersecurity company Volexity also published its findings on the attack, linking it to the North Korean hacker group Lazarus. According to analysts, Lazarus Group attackers use similarly malicious spreadsheets comparing crypto exchange fees to spread the AppleJeus malware. It was this program that they used in digital asset theft operations.