North Korean Hackers Deploy New "Durian" Malware Against South Korean Crypto Firms
Kimsuky hackers utilize "Durian" malware to target South Korean crypto companies, revealing potential links to the notorious Lazarus Group.
BerniceLog in/ Sign up
North Korean hackers deploy 'Durian' malware to target crypto firms
Follow
Author: Tom Mitchelhill, CoinTelegraph; Compiler: Wuzhu, Golden Finance
North Korean hackers are reportedly using a new malware variant called "Durian" to attack South Korean cryptocurrency companies.
According to a May 9 threat report from cybersecurity firm Kaspersky, the North Korean hacker group Kimsuky used new malware to carry out a series of targeted attacks on at least two cryptocurrency companies.
This was done by exploiting legitimate security software dedicated to South Korean encryption companies to carry out "persistent" attacks.
Source: Kaspersky
The previously unknown Durian malware acts as an installer, deploying a persistent malware stream that includes "AppleSeed," LazyLoad's custom proxy tool, and other legitimate tools such as Chrome Remote Desktop.
"Durian has comprehensive backdoor capabilities, capable of executing sent commands, downloading additional files, and exfiltrating files," Kaspersky wrote.
In addition, Kaspersky noted that LazyLoad is also used by Andariel, a subgroup within the North Korean hacking consortium Lazarus Group, suggesting a "tenuous" connection between Kimsuky and the more notorious hacking group.
First appearing in 2009, Lazarus has become one of the most notorious cryptocurrency hacking groups.
On April 29, independent blockchain detective ZachXBT revealed that the Lazarus Group successfully laundered more than $200 million in ill-gotten gains between 2020 and 2023.
The Lazarus Group is accused of stealing more than $3 billion in crypto assets in the six years ending in 2023.
Lazarus is believed to have stolen more than 17% of the stolen funds in 2023, just over $309 million. According to a Dec. 28 report from Immunefi, throughout 2023, more than $1.8 billion worth of cryptocurrency was lost to hacks and breaches.
Gain a broader understanding of the crypto industry through informative reports, and engage in in-depth discussions with other like-minded authors and readers. You are welcome to join us in our growing Coinlive community:https://t.me/CoinliveSG
Add Comment
LoginLeave your comments
0 Comments
Earliest
Load more comments
More news about durian malware
- What is crypto malware, and how to detect it?BullishBearish
More news about durian malware
- Bernice
Are there any opportunities worth taking besides Starknet 2024?
In 2024, what other projects are worth investing our time and energy in interacting with?
JinseFinanceEtherHiding: Hackers Create New Way to Conceal Malware
EtherHiding is a new technique employed by hackers to infiltrate websites powered by WordPress. Once in, they embed malicious code designed to pilfer partial payments from blockchain contracts.
KikyoJob Hunting on LinkedIn? Beware of Malware From the Lazarus Group
Lazarus Group's typical approach involves luring victims with enticing employment offers at reputable companies, tricking them into downloading malicious payloads disguised as documents.
DavinRealst: The Deceptive Crypto Malware Targeting Apple Users
This insidious malware specifically targets individuals who engage in blockchain games, preying on their interest in financial rewards to deceive and steal.
Coinlive Apple macOS Targeted in Latest Crypto-Jacking Malware Threat
XMRig, a crypto-jacking malware, was discovered in pirated software. The malware is very hard to detect.
BeincryptoCrypto malware impersonating Google Translate app infects thousands of PCs
FinboldGitHub faces widespread malware attacks affecting projects, including crypto
The developer who found the vulnerability requested developers to sign their revisions with the GPG key to ensure all their revisions on the project can be verified.
CointelegraphPennyWise crypto-stealing malware spreads through YouTube
The malware targets Zcash and Ethereum wallets alongside Electrum, Atomic Wallet and Coinomi, it takes your browser extension and login data and reads your chat logs.
CointelegraphDogecoin's parents are fighting: Musk and Jackson Palmer exchange barbs
The world’s richest man and the co-founder of Dogecoin are sparring over whether the latter actually has a Python script that could put a huge dent in Twitter bot activity.
Cointelegraph