SnatchCrypto attack hits DeFi and Blockchain Platforms with backdoor

Kaspersky researchers believe that North Korean government-backed hackers from the Lazarus Group are behind the SnatchCrypto attack.

The IT security researchers at Kaspersky have revealed details of a new campaign that the company has been tracking under the name SnatchCrypto.

According to Kaspersky’s research, this campaign entails emptying cryptocurrency wallets of those organizations that are part of crypto and financial spaces. 

Countries targeted in SnatchCrypto attack

Research reveals that the campaign has been active since 2017 and its main targets are FinTech sector firms in the following countries:

India China Poland Russia Ukraine Vietnam Slovenia Singapore Hong Kong United States Czech Republic United Arab Emirates How the attack takes place

In a blog post, Kaspersky researchers explained how the attack works and how unsuspected users are tricked into giving away their funds.

“When the compromised user transfers funds to another account, the transaction is signed on the hardware wallet. However, given that the action was initiated by the user at the very right moment, the user doesn’t suspect anything fishy is going on and confirms the transaction on the secure device without paying attention to the transaction details.”

“The user doesn’t get too worried when the size of

Read More: