News North Korean hackers are targeting cryptocurrency traders with fake...

North Korean hackers are targeting cryptocurrency traders with fake software

-

- Advertisment -

North Korean hacking outfit “Lazarus” is now targeting cryptocurrency exchanges. Information security firm Kaspersky Labs has discovered it is exploring new attack vectors and trojanizing cryptocurrency software.

Kaspersky Labs has been tracking Lazarus for over a year. Back in April, it made its investigations public with research proving that the hacker crew had managed to steal $81 million from a Bangladeshi bank.

Now, Lazarus is tricking unsuspecting users into downloading cryptocurrency-related software laced with malware. Research posted to Kaspersky’s media outlet, Securelist, reads:

While investigating a cryptocurrency exchange attacked by Lazarus, we made an unexpected discovery. The victim had been infected with the help of a trojanized cryptocurrency trading application, which had been recommended to the company over email.

Its primary function is to load the malware suite ‘FallChill’ onto machines while opening a series of backdoors. Computers infected with FallChill can be controlled remotely and should be considered completely compromised. 

The use of such malware has become the calling card of Lazarus. It should be noted that US-CERT claims the North Korean government has used FallChill against political enemies extensively in the past. US-CERT has another name for the crew, HIDDEN COBRA, which it uses rather than ‘Lazarus.’

Until quite recently, hackers have been content with targeting Windows-based machines. This has led to a belief that macOS and Linux operating systems are more secure, with less instances of viruses, malware, and related hacks.

Lazarus is looking to exploit this complacency by distributing malware for macOS and soon Linux. Kaspersky’s research warns that this “should be a wake-up call for users of non-Windows platforms.”

On the surface, Celas Trade Pro really does appear to be kosher. It certainly looks like an all-in-one cryptocurrency trading application, an interface for making trades and reading market data.

North Korean hackers are targeting cryptocurrency traders with fake software