Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs
BlueNoroff, a financially motivated threat actor, has been conducting two sophisticated campaigns dubbed GhostCall and GhostHire. GhostCall targets macOS devices of tech executives and venture capitalists through fake Zoom-like meetings, while GhostHire targets Web3 developers through fake recruitment processes. Both campaigns utilize various malware chains, including ZoomClutch, DownTroy, CosmicDoor, RooTroy, and SilentSiphon. The attacks involve social engineering, AI-enhanced images, and multi-stage malware deployment across Windows, macOS, and Linux systems. BlueNoroff has expanded its focus beyond cryptocurrency theft to comprehensive data acquisition, enabling supply chain attacks and leveraging established trust relationships for broader impact.
Pulse ID: 69003b85c217870cc5794cc6
Pulse Link: https://otx.alienvault.com/pulse/69003b85c217870cc5794cc6
Pulse Author: AlienVault
Created: 2025-10-28 03:41:57
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlueNoroff #CyberSecurity #InfoSec #Linux #Mac #MacOS #Malware #OTX #OpenThreatExchange #Rust #SocialEngineering #SupplyChain #Web3 #Windows #Zoom #bot #cryptocurrency #developers #AlienVault
