They are back. North Korean hackers have been rampant in the crypto ecosystem for several years now, stealing several hundred million dollars through a string of high-profile hacks. Now the Lazarus group is back in action with new malware.
Lazarus returns with new malware
Lazarus is a North Korean hacker group well known in the crypto sphere. Last June, they were behind the Atomic Wallet hack, making off with a loot of 100 million dollars. More recently, the FBI has indicated that the group is believed to be behind the attack targeting the crypto casino platform Stake.com.
Unfortunately, these events are only two attacks among the many crypto heists carried out by the Lazarus group.
On September 29, a group of researchers revealed a new modus operandi as well as new malware used by Lazarus.
ESET researchers discovered the new method while investigating an attack targeting a Spanish aerospace company.
The method relies on fake recruitment. The hackers contact their victims under the pretext of a professional recruitment, pretending to be a well-known company.
Once the conversation is established, the hackers pass off a document as a coding challenge and send it to the victim. Unfortunately, the victim does not know that malware is hidden behind this document.
Once downloaded and executed, the malware installs itself and can then perform numerous actions on the infected machine. In particular, it gives the attackers remote access to infected machines, from which they can exfiltrate data or even propagate to other machines on the network.
LightlessCan: the backdoor used by Lazarus
In practice, the new malware developed by Lazarus is based on a new backdoor that had not yet been publicly documented. Named LightlessCan, it is a new version of BlindingCan.
One of the characteristics of LightlessCan lies in its ability to imitate many native Windows commands. This allows it to run unobtrusively on the victim's machine, so as not to arouse suspicion.
It somehow “hides” itself by acting like a normal program, making it difficult to detect.
Furthermore, it operates as a Remote Access Trojan (RAT), which allows the attacker to remotely access infected machines.
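Two behaviours described above lend themselves to simple endpoint triage: a lure document that ends up launching an executable, and an executable that presents itself as a native Windows command. The following script is an added illustration written for this article, not code from ESET or from the Lazarus report; the process-creation events, the list of command names and the list of document viewers are all constructed assumptions for the example, and a real deployment would feed it Sysmon or EDR telemetry instead.

```python
"""Heuristic triage of process-creation events for two behaviours described
in the article: a lure document that launches an executable, and an
executable that masquerades as a native Windows command.
All events below are constructed for illustration, not real telemetry."""
from pathlib import PureWindowsPath

# Native Windows command names an implant might imitate.
# Assumption: a short illustrative list, not an exhaustive one.
NATIVE_COMMANDS = {"ipconfig", "whoami", "netstat", "systeminfo",
                   "tasklist", "ping", "nslookup"}

# Directories where those commands legitimately live (lower-case prefixes).
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")

# Document viewers that should not normally spawn executables.
# Assumption: hypothetical short list for the example.
DOCUMENT_VIEWERS = {"winword.exe", "excel.exe", "acrord32.exe", "wordpad.exe"}


def _basename(path):
    """Lower-cased file name of a Windows path."""
    return PureWindowsPath(path).name.lower()


def _in_system_dir(path):
    """True if the image lives under one of the trusted system directories."""
    return path.lower().startswith(SYSTEM_DIRS)


def triage(event):
    """Return the list of reasons an event is suspicious (empty if none)."""
    reasons = []
    image = event["image"]
    stem = PureWindowsPath(image).stem.lower()

    # Rule 1: a binary named like a native command, but not in a system dir.
    if stem in NATIVE_COMMANDS and not _in_system_dir(image):
        reasons.append(f"'{stem}' running outside a system directory: {image}")

    # Rule 2: a document viewer (the lure document's host) spawned an executable.
    parent = _basename(event["parent_image"])
    if parent in DOCUMENT_VIEWERS and _basename(image).endswith(".exe"):
        reasons.append(f"document viewer {parent} spawned {image}")

    return reasons


def triage_all(events):
    """Map event id -> reasons for every event that triggers at least one rule."""
    flagged = {}
    for event in events:
        reasons = triage(event)
        if reasons:
            flagged[event["id"]] = reasons
    return flagged


# Constructed sample events (Sysmon-style process-creation records).
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Windows\System32\ipconfig.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe"},                 # benign
    {"id": 2, "image": r"C:\Users\dev\AppData\Local\Temp\ipconfig.exe",
     "parent_image": r"C:\Windows\explorer.exe"},                      # masquerade
    {"id": 3, "image": r"C:\Users\dev\Downloads\challenge\setup.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},  # lure spawn
    {"id": 4, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},                      # benign
]

if __name__ == "__main__":
    for event_id, reasons in triage_all(SAMPLE_EVENTS).items():
        for reason in reasons:
            print(f"event {event_id}: {reason}")
```

Both rules are deliberately coarse: rule 1 catches only the crude case where the masquerading binary keeps a native command's file name, and rule 2 will also flag legitimate add-ins launched from Office, so in practice the output is a triage queue to review rather than an alert to act on automatically.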
According to South Korean intelligence, the Lazarus group is believed to be behind the theft of more than $180 million since the start of the year, to which must be added the $40 million stolen in the Stake casino hack.