In June, employees at cryptocurrency exchange Coinbase were targeted by emails linking to a website that used two zero-day vulnerabilities in the Firefox browser to deliver macOS malware. The malware, dubbed ‘NetWire’, had previously been known, but the exploit allowed it to bypass built-in protections against it. The NetWire sample was analysed by regular VB conference speaker Patrick Wardle in three parts (1, 2, 3) on his blog.
Coinbase wasn’t the only exchange targeted though. In a presentation at VB2019 in London, LINE’s HeungSoo (David) Kang disclosed that LINE, which also operates cryptocurrency exchanges, had been targeted in the same campaign.
In his talk, HeungSoo explained how the attack works and what it looked like from both the defender’s and the adversary’s point of view. Though attacks using zero-days are rare, when they happen they provide an excellent opportunity to highlight the pain points for a blue team.
Today, we published the video of HeungSoo’s presentation in London.