North Korean hackers are using a new "surprising" malware variant called "Durian" to attack South Korean cryptocurrency companies.
According to a Kaspersky threat report published on May 9, the North Korean hacker group Kimsuky used this new malware in a series of targeted attacks against two cryptocurrency companies.
The "persistent" attacks made use of legitimate security software that is used exclusively by South Korean cryptocurrency companies.
The previously unknown Durian malware works as an installer that continuously runs further malware, including a backdoor known as "AppleSeed," a custom proxy tool known as "LazyLoad," and legitimate tools such as Chrome Remote Desktop.
"Durian has extensive backdoor capabilities and is capable of executing sent commands, downloading additional files and exfiltrating files," Kaspersky noted.
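The report's point that the intrusion chain ends in a legitimate remote-access tool is the detectable part for a defender: Chrome Remote Desktop is not malware, so the signal is where and how it shows up. The following script is an added example, not code from Kaspersky or from the report; it assumes process-creation events are available as CSV lines of the form `timestamp,host,user,image,parent`, that the Chrome Remote Desktop host service runs as `remoting_host.exe`, and that an organisation keeps a list of hosts where remote-access tooling is sanctioned. The log lines and the allowlist are constructed for the example.

```python
"""Added example (not from the Kaspersky report): flag Chrome Remote Desktop
host activity on machines where remote-access tooling is not expected, or
launched from a location where a properly installed copy would not live.

Assumptions not stated in the article: events arrive as CSV lines
`timestamp,host,user,image,parent`, and the CRD host service binary is
`remoting_host.exe`. SAMPLE_LOG and SANCTIONED_HOSTS are constructed."""
import csv
from dataclasses import dataclass

# Image names treated as remote-access tooling (assumption: CRD host service name).
REMOTE_ACCESS_IMAGES = {"remoting_host.exe"}

# Constructed allowlist: hosts where remote-access tooling is sanctioned (lowercase).
SANCTIONED_HOSTS = {"it-admin-01"}

# Paths where a legitimately installed copy would normally reside (lowercase prefixes).
EXPECTED_INSTALL_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")


@dataclass(frozen=True)
class Event:
    ts: str
    host: str
    user: str
    image: str   # full path of the created process
    parent: str  # parent process image name


def parse_events(text):
    """Parse CSV process-creation lines into Event records, skipping malformed rows."""
    events = []
    rows = csv.reader(line for line in text.splitlines() if line.strip())
    for row in rows:
        if len(row) != 5:
            continue  # malformed line: wrong field count
        events.append(Event(*[field.strip() for field in row]))
    return events


def audit_remote_access(events, sanctioned=SANCTIONED_HOSTS):
    """Return (event, reasons) pairs for remote-access tool launches that look
    out of place: on an unsanctioned host, or from a non-standard path."""
    findings = []
    for e in events:
        image_name = e.image.rsplit("\\", 1)[-1].lower()
        if image_name not in REMOTE_ACCESS_IMAGES:
            continue
        reasons = []
        if e.host.lower() not in sanctioned:
            reasons.append("remote-access tool on a host not sanctioned for it")
        if not e.image.lower().startswith(EXPECTED_INSTALL_PREFIXES):
            reasons.append("remote-access binary running outside Program Files")
        if reasons:
            findings.append((e, reasons))
    return findings


# Constructed sample: one sanctioned admin launch, one suspicious launch from a
# user Temp directory on a trading workstation, one unrelated process.
SAMPLE_LOG = """\
2024-05-09T09:12:03Z,it-admin-01,corp\\helpdesk,C:\\Program Files (x86)\\Google\\Chrome Remote Desktop\\remoting_host.exe,services.exe
2024-05-09T09:14:41Z,trader-ws-07,corp\\jlee,C:\\Users\\jlee\\AppData\\Local\\Temp\\remoting_host.exe,update.exe
2024-05-09T09:15:02Z,trader-ws-07,corp\\jlee,C:\\Windows\\System32\\notepad.exe,explorer.exe
"""

if __name__ == "__main__":
    for event, reasons in audit_remote_access(parse_events(SAMPLE_LOG)):
        print(f"{event.ts} {event.host} {event.image}")
        for r in reasons:
            print(f"  - {r}")
```

Only the trading-workstation event is reported, with both reasons attached; the admin host's launch from the normal install path is silent. In practice the allowlist and the expected install prefixes would come from the organisation's software inventory rather than being hard-coded.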
In addition, Kaspersky noted that LazyLoad is also used by Andariel, a subgroup of the North Korean hacking consortium Lazarus Group, suggesting a "subtle" connection between Kimsuky and the well-known hacking group.
The Lazarus Group, which emerged in 2009, is one of the most notorious crypto hacker groups.
On April 29, independent blockchain investigator ZachXBT revealed that Lazarus Group had successfully laundered more than $200 million in illicitly obtained cryptocurrency between 2020 and 2023.
Lazarus Group is accused of stealing crypto assets totaling more than $3 billion over a six-year period through 2023.