Cointime


North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme

The Lazarus Group, a North Korean hacking organization previously linked to criminal activity, has been connected to a new campaign that breaches victims' systems to steal cryptocurrency. The campaign delivers a modified version of the group's existing Applejeus malware, first through a fake cryptocurrency trading site and later through macro-laden Office documents.

Modified Lazarus Malware Used Crypto Site as Facade

Volexity, a Washington, D.C.-based cybersecurity firm, has linked Lazarus, a North Korean hacking group already sanctioned by the U.S. government, to a campaign that uses a fake crypto site to infect systems and steal information and cryptocurrency from its visitors.

A blog post published on Dec. 1 revealed that in June, Lazarus registered the domain "bloxholder.com," which it later dressed up as a business offering automated cryptocurrency trading services. Using the site as a front, Lazarus prompted visitors to download an application that served as the delivery vehicle for the Applejeus malware, which is built to steal private keys and other data from the victim's system.

Lazarus has used this strategy before. What is new in this scheme is a technique that, in Volexity's words, lets the application "confuse and slow down" malware detection.

Document Macros

Volexity also found that the delivery technique changed in October. Instead of a trojanized application, the malware arrived via Microsoft Office documents, specifically a spreadsheet carrying macros, small programs embedded in the document that, once enabled, install the Applejeus malware on the computer.

The document, named "OKX Binance & Huobi VIP fee comparision.xls" [sic], purports to compare the benefits that each exchange's VIP program offers at its various tiers. The recommended mitigations for this kind of attack are to block the execution of macros in documents and to monitor the creation of new scheduled tasks in the operating system, so that unfamiliar tasks running in the background are noticed. Volexity did not say how many victims the campaign has reached.

Lazarus operatives were formally indicted by the U.S. Department of Justice (DOJ) in Feb. 2021, in a case that tied the group to North Korea's military intelligence agency, the Reconnaissance General Bureau (RGB). Before that, in March 2020, the DOJ indicted two Chinese nationals for helping launder more than $100 million in cryptocurrency linked to Lazarus's hacks.
