North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme – Security Bitcoin News
The Lazarus Group, the North Korean hacking organization previously linked to criminal activity, has been tied to a new campaign that breaches systems and steals cryptocurrency from third parties. The campaign, which uses a modified version of the existing AppleJeus malware, relied first on a fake cryptocurrency trading website and later on macro-laden Office documents to gain access to systems.
Modified Lazarus Malware used crypto website as front
Volexity, a Washington DC-based cybersecurity firm, has linked Lazarus, a North Korean hacking group already sanctioned by the US government, to a campaign that used a cryptocurrency website to infect systems and steal information and cryptocurrency from third parties.
A blog post published on December 1 revealed that in June, Lazarus registered the domain “bloxholder.com”, which was later set up as a business offering automated cryptocurrency trading services. Using the site as a front, Lazarus invited visitors to download an application that served as the delivery vehicle for the AppleJeus malware, which is aimed at stealing private keys and other data from users’ systems.
Lazarus has used the same strategy before. This new scheme, however, adds a technique that allows the application to “confuse and slow down” malware detection.
Document macros
Volexity also found that the delivery method changed in October. Instead of the trojanized application, the campaign switched to Office documents, specifically a spreadsheet carrying macros, small programs embedded in the document and designed to install AppleJeus on the victim’s computer.
The document, named “OKX Binance & Huobi VIP fee comparision.xls” (the spelling error is in the original filename), purports to compare the benefits that each of these exchanges’ VIP programs offers at its various tiers. To mitigate this type of attack, it is recommended to block macro execution in documents and to audit and monitor the creation of new scheduled tasks in the operating system, so that unidentified tasks running in the background are noticed. Volexity did not report how widespread the campaign has been.
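The two recommendations above translate directly into Windows configuration and audit steps. The following PowerShell script is an added example and is not part of the article or of Volexity’s report. It assumes a current Office release (policy key version 16.0), that it is run in an elevated session so that auditpol can change the audit policy, and that the Office settings are applied per user via HKCU (in a domain, the same values would normally be pushed through Group Policy instead). The property and event names used are Microsoft’s documented ones.

```powershell
# Added example, not from the article: block macro execution in Office and audit
# scheduled-task creation. Assumes Office 16.0 (2016/2019/365) and an elevated
# session; adjust $OfficeVersion for other releases.

$OfficeVersion = '16.0'
$Apps = 'Excel', 'Word', 'PowerPoint'

foreach ($App in $Apps) {
    $Key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    # VBAWarnings 4 = "Disable all macros without notification" (Trust Center setting)
    Set-ItemProperty -Path $Key -Name 'VBAWarnings' -Value 4 -Type DWord
    # 1 = block macros in files carrying the Mark-of-the-Web (downloaded or e-mailed),
    # which covers a spreadsheet such as the one described in the campaign
    Set-ItemProperty -Path $Key -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord
}

# Scheduled-task creation is logged as Security event 4698 ("A scheduled task was
# created") only when the "Other Object Access Events" subcategory is audited.
auditpol /set /subcategory:"Other Object Access Events" /success:enable /failure:enable | Out-Null

# The Task Scheduler operational log (event 106, "Task registered") is disabled by
# default; enable it so task registrations are recorded there as well.
wevtutil sl Microsoft-Windows-TaskScheduler/Operational /e:true

# Report tasks created in the last 24 hours from both logs. Anything not created by
# a known deployment account or Windows component deserves a closer look.
$Since = (Get-Date).AddHours(-24)

$Created = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4698; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $data = $x.Event.EventData.Data
        # TaskContent holds the task definition XML; pull the Exec command so the
        # action (e.g. a dropped binary or a rundll32 invocation) is visible at a glance
        $taskXml = [xml](($data | Where-Object Name -eq 'TaskContent').'#text')
        [pscustomobject]@{
            Time     = $_.TimeCreated
            User     = ($data | Where-Object Name -eq 'SubjectUserName').'#text'
            TaskName = ($data | Where-Object Name -eq 'TaskName').'#text'
            Command  = $taskXml.Task.Actions.Exec.Command
            Args     = $taskXml.Task.Actions.Exec.Arguments
        }
    }

$Registered = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-TaskScheduler/Operational'; Id = 106; StartTime = $Since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated,
        @{ n = 'TaskName'; e = { $_.Properties[0].Value } },
        @{ n = 'User';     e = { $_.Properties[1].Value } }

$Created    | Format-Table -AutoSize
$Registered | Format-Table -AutoSize
```

Setting the policy under HKCU affects only the current user; for fleet-wide enforcement the same VBAWarnings and blockcontentexecutionfrominternet values belong in the Office Group Policy templates. The two queries are deliberately read side by side: event 4698 carries the full task definition, while event 106 fires even on hosts where Security auditing was never enabled, so a task that appears in one log but not the other is itself worth investigating.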
Lazarus operatives were formally indicted by the US Department of Justice (DOJ) in February 2021; the indictment tied the group to North Korea’s military intelligence agency, the Reconnaissance General Bureau (RGB). Earlier, in March 2020, the DOJ had indicted two Chinese nationals for helping launder more than $100 million in cryptocurrency connected to Lazarus’ operations.