File photo: A man walks past an electric board showing exchange rates of various cryptocurrencies including Bitcoin (top L) at a cryptocurrencies exchange in Seoul, South Korea December 13, 2017. (REUTERS/Kim Hong-Ji)
Bitcoin experts beware. North Korean hackers are probably trying to fool you into installing malware. A new phishing email campaign that targets the cryptocurrency industry has been linked to a shadowy hacking collecting believed to work for North Korea.
The warning comes from security firm Secureworks. The English-written email pretends to offer a job opening for a CFO position at a London-based Bitcoin company. But a Microsoft Word attachment in the email can secretly install malicious code onto your computer.
Once opened, the Word doc will prompt the victim to accept the "Enable Editing," and "Enable Content" functions in Microsoft Word. Doing so activates a software macro that'll install a Remote Access Trojan, which can download additional malware onto your computer.
SecureWorks is blaming the attacks on the Lazarus Group, a North Korean hacking team that may have been behind the 2014 Sony Pictures breach.
More From PCmag
North Korea has been interested in Bitcoin for sometime. IP addresses from the country have been found conducting research into the cryptocurrency as far back as 2013, according to SecureWorks.
Experts say North Korean hackers are probably after Bitcoin to fund the country's government, which is facing heavy economic sanctions from governments across the world. So far, hackers from the country have targeted four different virtual currency exchanges in South Korea by sending out phishing emails.
With Bitcoin's value reaching $17,000, expect North Korea's interest in looting the cryptocurrency to remain high. SecureWorks said this latest phishing email campaign—sent in late October—is probably ongoing.
SecureWorks is linking the phishing attack to North Korea based on findings in the malware and how it triggers. The various components share some of the same coding techniques found in past Lazarus Group attacks, the security firm said.
SecureWorks is warning cryptocurrency companies to be aware of threat. Although the companies have become a go-to destination for investors to buy and mine Bitcoin, they're also a major target for hackers.
Earlier this month, a Bitcoin mining site called NiceHash was robbed of over 4,700 bitcoins, which is now valued at $83 million. The hackers somehow gained remote access to a company computer and stole an employee's credentials.
For consumers investing in bitcoin or other cryptocurrencies, it's best to use two-factor authentication and a strong unique password with whatever virtual exchange currency you use.
This article originally appeared on PCMag.com.
Get a daily look at what’s developing in science and technology throughout the world.