North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme – Security Bitcoin News

The Lazarus Group, a North Korean hacker organization previously linked to criminal activity, has been linked to a new attack scheme to breach systems and steal cryptocurrency from third parties. The campaign, which uses a modified version of an already existing malware product called Applejeus, uses a crypto website and even documents to gain access to systems.

Modified Lazarus Malware used crypto website as front

Volexity, a Washington DC-based cybersecurity firm, has linked Lazarus, a North Korean hacking group already sanctioned by the US government, with a threat involving the use of a crypto website to infect systems to steal information and cryptocurrency from third parties.

A blog post issued on December 1 revealed that in June, Lazarus registered a domain called “bloxholder.com”, which would later be established as a business providing automated cryptocurrency trading services. Using this website as a front, Lazarus asked users to download an application that acted as a payload to deliver the Applejeus malware, aimed at stealing private keys and other data from users’ systems.

The same strategy has been used by Lazarus before. However, this new scheme uses a technique that allows the application to “confuse and slow down” malware detection tasks.

Document macros

Volexity also found that the technique for delivering this malware to end users changed in October. The method changed to using Office documents, specifically a spreadsheet containing macros, a type of program embedded in the documents designed to install the Applejeus malware on the computer.

The document, identified as “OKX Binance & Huobi VIP fee comparision.xls,” shows the benefits that each of these exchanges’ VIP programs allegedly offer at their various levels. To reduce this type of attack, it is recommended to block the execution of macros in documents, and also to audit and monitor the creation of new tasks in the operating system to be aware of new unidentified tasks running in the background. However, Veloxity did not inform about the level of reach this campaign has achieved.

Lazarus was formally indicted by the US Department of Justice (DOJ) in February 2021, involving an operative from the group linked to a North Korean intelligence organization, the Reconnaissance General Bureau (RGB). Prior to that, in March 2020, the DOJ indicted two Chinese nationals for helping launder more than $100 million in cryptocurrency linked to Lazarus’ businesses.

What do you think of Lazarus’ latest cryptocurrency malware campaign? Tell us in the comments section below.

Sergio Goschenko

Sergio is a cryptocurrency journalist based in Venezuela. He describes himself as late to the game, entering the cryptosphere when the price spike occurred during December 2017. He has a computer engineering background, lives in Venezuela and is influenced by the cryptocurrency boom on a social level, offering a different point of view on crypto success and how it helps the unbanked and underserved.

Image credit: Shutterstock, Pixabay, Wiki Commons