Lazarus Hacker Group Returns with Modified Crypto Stealing Malware


January 10, 2020      Mary Brendah

The Lazarus hacker group, which is allegedly sponsored by the North Korean government, has deployed new viruses to steal cryptocurrency. Security researchers from Kaspersky Labs reported on January 8 that the hacker group has doubled its effort to infect both Mac and Windows computers.

Moreover, Kaspersky noted that the group is using a different approach in its latest campaign to steal cryptocurrencies. Initially, according to Kaspersky's reporting back in August 2018, the group had been using a modified open-source cryptocurrency trading platform dubbed QtBitcoinTrader to spread and execute malicious code in what has been called “Operation AppleJeus.”

In addition, Kaspersky’s researchers discovered a new macOS and Windows virus called UnionCryptoTrader, which was based on previously detected versions. MarkMakingBot is another new malware targeting Mac users. Kaspersky claimed that Lazarus has been modifying MarkMakingBot, and notes that it is “an intermediate stage in significant changes to their macOS malware.”

Furthermore, researchers also identified Windows computers that were infected through a malware file named WFCUpdater. However, they were unable to discover the initial installer. The cybersecurity firm noted that the infection commenced from .NET malware that was disguised as a WFC wallet updater and spread through a fake website. The malware infected the machines in several stages before executing the hacker’s commands and permanently installing the payload.

Lazarus May Have Used Telegram to Spread the Malware

Additionally, the Windows versions of UnionCryptoTrader were discovered to be executed from Telegram’s download folder. This led Kaspersky to believe “with high confidence that the actor delivered the manipulated installer using the Telegram messenger.”

Moreover, there is a Telegram group on the fake website, which further strengthens the case. The interface of the program displays a graphical image showing the price of Bitcoin on several cryptocurrency exchange platforms. The report by Kaspersky Labs reads:

“We believe the Lazarus group’s continuous attacks for financial gain are unlikely to stop anytime soon. […] We assume this kind of attack on cryptocurrency businesses will continue and become more sophisticated.”

In conclusion, back in March 2019, Kaspersky suggested that the group’s malicious efforts in targeting cryptocurrency users were still in progress and that its methods were evolving. The group also further upgraded its macOS malware back in October 2019.

