Microsoft has discovered a new scam targeting crypto firms on Telegram

Patrick Devaney
Dec 8, 2022
Updated • Dec 7, 2022

The cryptocurrency market has grown considerably in recent years, although not in recent months admittedly, and in the process has attracted a wide variety of phishing scams and scammers targeting crypto enthusiasts. It now looks as though there is a new type of scam that is targeting the crypto industry.

Overview of the threat

The Microsoft Security Threat Intelligence team has published a new report outlining the details of a new threat that targets cryptocurrency investment companies via Telegram. Microsoft is referring to the new threat actor as DEV-0139. The report says:

“DEV-0139 joined Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms and identified their target from among the members. The threat actor posed as representatives of another cryptocurrency investment company, and in October 2022 invited the target to a different chat group and pretended to ask for feedback on the fee structure used by cryptocurrency exchange platforms.”

This marks an escalation of the common phishing-type scams that see malicious actors trying to trick unsuspecting victims into clicking links to infected sites or downloading malicious files. In this instance, through exhibiting a broader knowledge of the crypto industry, DEV-0139 has been able to gain the trust of representatives from crypto investment companies and trick them into acting against their own interests.

Once contact has been established and trust gained, DEV-0139 pushes victims to download a “weaponized Excel file” called OKX Binance & Huobi VIP fee comparision.xls. Although this file does contain information and tables that look reputable, it also initiates a string of events that lead to the opening of backdoors that give DEV-0139 remote access to the machine.

Microsoft has not attributed this attack to any specific actor or group, instead focusing on the identifier DEV-0139. However, according to a report by BleepingComputer, threat intelligence firm Volexity has published similar findings to Microsoft and connects the threat actor to the North Korean Lazarus Threat Group. The report goes on to say that this group is also thought to be responsible for other big attacks such as the WannaCry ransomware attack of 2017.

This story highlights just how important it is to be careful when interacting online and when clicking links or downloading files. Phishing scams are becoming increasingly prevalent and dangerous, which is why we recommend familiarising yourselves with the tell-tale signs of phishing scams as shown in this infographic looking at scam emails and correspondences.



  1. Anna said on August 14, 2023 at 10:58 pm

    Most recovery companies will take your money again. I personally don’t think they are the same set of people that run all of them, seems like an unending cycle and it’s too sad. The most crazy thing about the whole internet thing is how you can clone a website to make it look like the real one, I discovered so many people fell into this kind of scams. The only recovery company I know that works is Recovering Atusa. com I have been to their physical address to meet them before and the good thing about them is that they will let you know if they can handle your case or not. So they will not just take your money when they already know they won’t help you out.

  2. check my box said on December 9, 2022 at 2:03 am

    This website is quickly turning into a M$ love fest, a “ONE MICROSOFT WAY” orgy.

    Should it continue, you’ll continue to lose a lot of your readers, including me. What a sad place this is becoming.

    1. boris said on December 9, 2022 at 7:04 am

      As strange as it sounds, MS and Google periodically do good things and discover/break bot operations.

  3. Jek Tono Porkins said on December 8, 2022 at 9:05 pm

    If it’s targeting the crypto bros is it really a scam or a chivalrous deed??

  4. Alan77 said on December 8, 2022 at 7:02 pm

    Crypto is just another Ponzi scheme made from nothing physical at all, you can’t own it physically or hold it in your hand at all. Digital fantasy numbers on a computer screen is the dumbest thing ever invented. It also goes against individual freedom and privacy too. People who support this dumb worthless crap on a computer screen are asking to be much bigger slaves to the evil system. If you don’t hold something of real physical value in your possession then you don’t own a damn thing at all.

    1. asd said on December 8, 2022 at 9:04 pm

      Crypto goes well with the future that The World Economic Forum has cooked up for us: “You will own nothing and be happy”

      1. Alan77 said on December 9, 2022 at 12:54 am

        asd well that’s only if you comply to the fake Crypto BS or their slavery. By the way central banks around the world are buying up gold and silver like crazy, not retarded digital fantasy numbers on a computer screen made from nothing physical. So this should tell you something about the real future.
