The campaign likely began as early as July 2024 and uses email and PDF lures with fake news headlines or stories about crypto-related topics.
These campaigns are part of "highly tailored, difficult-to-detect social engineering" attacks aimed at employees working in the decentralized finance (DeFi) and cryptocurrency sectors.
SentinelOne said it observed an email phishing attempt targeting a crypto-related industry in late October 2024 that delivered a dropper application mimicking a PDF file.
The application, written in the Swift programming language, was found to have been signed and notarized on October 19, 2024, with an Apple developer ID.