Lazarus, a North Korean hacking group, stole crypto by using Telegram

In a statement published on Wednesday, January 8, security researchers from Kaspersky said they found evidence to suggest Lazarus, which is supposedly a group of hackers sponsored by the North Korean government, has deployed new viruses to steal cryptocurrencies.


Lazarus has doubled its efforts to infect both Mac and Windows users. Kaspersky says the hacking group is taking more careful steps and is using improved tactics and procedures on social networks to steal cryptocurrencies.

In other words, Lazarus has adjusted the way it infects systems, remains undetected, and illegally acquires cryptocurrency from compromised machines and victims. To go undetected, the Lazarus malware executes in memory instead of running from hard disk drives.

Kaspersky has identified a new macOS and Windows virus called UnionCryptoTrader, based on previously discovered versions. A new piece of malware targeting Mac users is named MarkMakingBot. The cybersecurity company noted that Lazarus adjusted MarkMakingBot and speculated that it was an intermediate stage in the significant changes to the group's macOS malware. The researchers also found infected Windows machines through a malicious file called WFCUpdater but could not identify the original installer.

Security researchers have named the new tactical wave “Operation AppleJeus Sequel.” An evolution of the AppleJeus campaign was uncovered back in 2018 and took place throughout 2019.

Lazarus is currently using Telegram to spread malware

The researchers said that Lazarus is presently using the messaging app Telegram – popular among the cryptocurrency community – as one of its major attack vectors.

The Windows version of UnionCryptoTrader was supposedly executed from the Telegram download folder, leading researchers to believe that the actor delivered the manipulated installer using the Telegram messenger.

The sign that Telegram was used to spread the malware is the presence of a Telegram group on the fake website. The program has a graphical interface that displays Bitcoin prices on some cryptocurrency exchanges.

The researchers said they had identified a number of victims based in Britain, Poland, Russia, and China. Some of these victims have been confirmed as crypto businesses. Last August, according to a published UN report, North Korean hackers allegedly stole $2 billion by hacking foreign financial institutions and cryptocurrency exchanges.
