The Lazarus Group, a hacking organization previously linked to North Korea, has been tied to a new attack scheme that compromises systems in order to steal cryptocurrency from third parties. Using a modified version of its existing AppleJeus malware, the campaign gains access to systems through fake crypto-trading sites and booby-trapped documents.
Modified Lazarus malware masquerading as a crypto site
Lazarus, a hacking group linked to North Korea, is infecting systems through fake crypto sites to steal information and cryptocurrencies from third parties.
A blog post published on December 1 by security firm Volexity revealed that Lazarus registered the domain “bloxholder.com” in June. The domain was later set up as a business purporting to offer automated cryptocurrency trading services. Using the site as a facade, Lazarus invites visitors to download an application that serves as the carrier for its AppleJeus malware, which is built to steal private keys and other data from the user’s system.
Lazarus has used the same strategy before. However, this new scheme adds techniques intended to “confuse and slow down” malware detection and analysis.
Volexity also found that the method of delivering the malware to end users changed in October. Delivery was switched to Office documents, specifically spreadsheets containing macros: small programs embedded in the document that, once enabled, install the AppleJeus malware on the victim’s computer.
The document, named “OKX Binance & Huobi VIP Rate Comparison.xls”, lists the perks each of those exchanges’ VIP programs supposedly offers at different tiers. To mitigate this type of attack, it is recommended to block macro execution in documents, scrutinize and monitor the creation of new scheduled tasks in the operating system, and watch for new, unidentified tasks running in the background. Volexity did not, however, say how widely the campaign reached.
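The two mitigations above, blocking macros and watching for newly created scheduled tasks, can be put into practice with a short PowerShell script. The following is an added example written for this article; it is not code from Volexity’s post or from the AppleJeus samples. It assumes an Office 2016/2019/365 install (policy hive `16.0`), that the “Audit Other Object Access Events” audit policy is enabled so that Security event 4698 (“A scheduled task was created”) is logged, and the regex of suspicious launch paths is an illustrative choice, not a detection signature from the report.

```powershell
# Added example, not from the original article. Hardens Office macro settings
# and reviews the last 24 hours of scheduled-task creations.

# 1. Disable VBA macros via the policy keys Office honours.
#    VBAWarnings = 4  -> "Disable all macros without notification"
#    blockcontentexecutionfrominternet = 1 -> block macros in files carrying Mark-of-the-Web
$officeVersion = '16.0'   # assumption: Office 2016/2019/365 policy hive; adjust for other builds
foreach ($app in 'Excel', 'Word', 'PowerPoint') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value 4 -Type DWord
    Set-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord
}

# 2. Enumerate newly registered scheduled tasks (Security event 4698) and flag
#    any whose action launches a script host or a binary from a user-writable path.
#    The pattern below is an illustrative assumption, not a published indicator.
$suspicious = '(?i)(rundll32|regsvr32|mshta|wscript|cscript|powershell|cmd\.exe|\\AppData\\|\\Temp\\|\\ProgramData\\)'

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4698; StartTime = (Get-Date).AddDays(-1) } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # TaskContent holds the full task XML; pull every Exec action's command line.
        $task = [xml]$data['TaskContent']
        $cmd  = ($task.Task.Actions.Exec | ForEach-Object { "$($_.Command) $($_.Arguments)".Trim() }) -join '; '

        [pscustomobject]@{
            Time    = $_.TimeCreated
            User    = $data['SubjectUserName']
            Task    = $data['TaskName']
            Command = $cmd
            Flag    = if ($cmd -match $suspicious) { 'REVIEW' } else { '' }
        }
    } | Sort-Object Time -Descending | Format-Table -AutoSize
```

In an enterprise the registry values in step 1 should be pushed through Group Policy rather than set per user, and step 2 is best run centrally against forwarded events; a single flagged task is a lead to investigate, not proof of compromise.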
Lazarus was formally indicted by the U.S. Department of Justice (DOJ) in February 2021, in a case implicating operatives associated with North Korea’s intelligence agency, the Reconnaissance General Bureau (RGB). Earlier, in March 2020, the DOJ indicted two Chinese nationals for helping launder more than $100 million in cryptocurrency linked to Lazarus operations.