A hacking organization in North Korea, “The Lazarus Group”, was earlier connected to criminal activities. A recent news share that the group is now linked to a new attack type that steals cryptocurrencies, and breaches the system from intermediaries, or third parties. The campaign utilizes an advanced version of “Applejeus”, an active malware product, utilizes documents, and a crypto site to get access to the system.
A Crypto Site is Utilized by the Updated Lazarus Malware
A cybersecurity firm based in Washington D.C, Volexity, has connected a hacking group in North Korea that is already approvement by the government of the United States, to use a crypto site involved with a threat and hack the systems to steal cryptocurrencies and information from third parties.
On December 1st, a blog post was issued that revealed that “in the month of June, Lazarus has registered a domain known as “bloxholder.com” with the purpose of establishing as an automatic cryptocurrency trading business offering service. Utilizing the site as the front, Lazarus has requested the users to download an application that worked as a payload to provide the Applejeus malware with the motive to steal information and private keys from the system of the user.
A similar strategy was used earlier by the “Lazarus Group”, however, the new scheme utilizes a technique that permits the applications to slow down and confuse the malware detection activities.
Also Read: Top 10 Countries Leading in Blockchain Technology Around the World
Use of Document Macros to Deliver Malware
The cybersecurity firm, Volexity found a technique to provide the malware to the final users. The method is to morph important official documents, mainly spreadsheets with macros. It is a program type that is integrated into the documents that are designed to install the malware in the computer.
The document is identified under “OKX Binance & Huobi VIP fee Comparison.xls” and shares the advantages that every VIP projects of the exchanges offer at various levels. To defend against such attacks, it is best to block the execution of the macro in the documents. Monitor and scrutinize the new task development in the operating system as there might be new unidentified tasks going on in the background.
In Conclusion
The US Department of Justice officially indicted Lazarus in 2021 and involves a group operative to Reconnaissance General Bureau (RGB), a North Korean Intelligence Organization.