The North Korean hacking collective Lazarus Group is back at it again, targeting blockchain engineers with trojans capable of advanced data exfiltration and remote code execution.
A report from researchers at Elastic Security describes a new attack that originated on Discord and targeted the cryptocurrency community. Using a simple social engineering strategy, the attackers try to convince the victim to download a file named “Cross-platform Bridges.zip”, believing it to be an arbitrage bot.
Arbitrage bots are usually legitimate pieces of code that allow users to automate buying crypto on one exchange and selling it on another where the price is slightly different. The changes in the prices are minuscule, but with automation and a hefty sum to get going, some people claim the bots work well. Usually, the bots can be purchased for tens of thousands of dollars.
State-sponsored threat actors
But obviously, the victims wouldn’t be getting the bot. Instead, they’d get the KandyKorn malware, built for macOS and capable of a number of things, including gathering system information, listing directory contents, downloading and running files on the victim’s endpoint, deleting files, killing processes, stealing files, and more.
The malware was built by the infamous Lazarus Group, the researchers allege, basing these claims on code and campaign overlaps with previous instances that were attributed to the North Koreans.
Lazarus is a known group with strong ties to the North Korean government. Allegedly, it was behind some of the biggest crypto heists in history, including the attack on the Ronin bridge, which left the protocol some $600 million short. The stolen money is being used to fund the North Korean government and its nuclear program, western intelligence agencies claim.
This group is also well-known for running fake job schemes, tricking developers into downloading malware during the “hiring” process.
Via BleepingComputer