Tencent Yujian: Spear-phishing attack captured targeting customer service staff of a large cryptocurrency exchange

The Tencent Security Vision Threat Intelligence Center issued a statement today saying that it has recently captured a spear-phishing attack targeting the customer service staff of a large digital cryptocurrency trading platform. The attacker posed as a veteran user in cryptocurrency circles who, dissatisfied with the trading platform's customer service, had compared the platform with its competitor, platform xx, and listed several suggestions in the email attachment in the hope that the platform would improve. The attachment is a spreadsheet file named "Customer Service and xx Complaint Comparison and Record 2019.xls", a lure file that carries Excel 4.0 XLM macro code. If the customer service staff member who receives the email opens the file and allows the macro code to execute, the macro code pulls down a malicious program masquerading as HelloWorld, and multiple layers of malicious code are finally decrypted to execute the Cobalt Strike remote-control backdoor. Once the Trojan has been implanted on the customer service machine, the attacker can easily obtain internal information about the trading platform, and can even use that machine as a springboard to reach the exchange's core confidential internal data, ultimately causing unpredictable losses for the platform. In the worst case, the digital currency held by the trading platform may be stolen.
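
A triage check for this kind of lure, as an added example that is not from Tencent's report: it walks the BIFF8 records of an .xls workbook and flags sheets declared as Excel 4.0 macro sheets, including hidden ones (a generalization beyond what the report states). It assumes the `Workbook` stream has already been extracted from the OLE container; the function names and the sample bytes are constructed for illustration.

```python
import struct

BOUNDSHEET = 0x0085  # BIFF8 record that declares one sheet of the workbook
SHEET_TYPES = {0x00: "worksheet", 0x01: "xlm_macro", 0x02: "chart", 0x06: "vba_module"}
VISIBILITY = {0: "visible", 1: "hidden", 2: "very_hidden"}


def list_sheets(workbook_stream: bytes):
    """Walk BIFF8 records; return (name, type, visibility) per BOUNDSHEET."""
    sheets, pos = [], 0
    while pos + 4 <= len(workbook_stream):
        rec_id, rec_len = struct.unpack_from("<HH", workbook_stream, pos)
        body = workbook_stream[pos + 4 : pos + 4 + rec_len]
        pos += 4 + rec_len
        if len(body) < rec_len:
            break  # truncated record: stop rather than misparse
        if rec_id != BOUNDSHEET or rec_len < 8:
            continue
        # Body layout: stream offset (4), visibility, sheet type, name length, flags
        state, sheet_type, cch, flags = struct.unpack_from("<BBBB", body, 4)
        raw = body[8:]
        name = (raw[: cch * 2].decode("utf-16-le", "replace") if flags & 1
                else raw[:cch].decode("latin-1"))
        kind = SHEET_TYPES.get(sheet_type, hex(sheet_type))
        sheets.append((name, kind, VISIBILITY.get(state & 0x03, "unknown")))
    return sheets


def xlm_macro_sheets(workbook_stream: bytes):
    """Sheets a mail gateway or triage script should flag for review."""
    return [s for s in list_sheets(workbook_stream) if s[1] == "xlm_macro"]


def _rec(rec_id, body):
    return struct.pack("<HH", rec_id, len(body)) + body


def _boundsheet(name, sheet_type, state):
    header = struct.pack("<IBBBB", 0, state, sheet_type, len(name), 0)
    return _rec(BOUNDSHEET, header + name.encode("latin-1"))


# Constructed sample stream: BOF, one worksheet, one hidden macro sheet, EOF.
SAMPLE = (_rec(0x0809, b"\x00\x06\x05\x00" + b"\x00" * 12)
          + _boundsheet("Sheet1", 0x00, 0)
          + _boundsheet("Macro1", 0x01, 1)
          + _rec(0x000A, b""))

if __name__ == "__main__":
    print(xlm_macro_sheets(SAMPLE))
```

A hit is a reason to quarantine the attachment for analysis; a clean result says nothing about VBA macros or other embedded content.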