North Korean hackers are busy again, with the group "Lazarus" setting its sights on cryptocurrency exchanges. Kaspersky Lab, an information security company, unveiled the latest cybersecurity issue on its Securelist blog and said that the hacking group lures unsuspecting users into downloading cryptocurrency-related malware.
"Lazarus has been a major threat actor in the APT arena for several years, and in addition to targets such as cyber espionage and cyber sabotage, the attacker has focused on banks and other financial companies around the world," the company wrote. "Over the past few months, Lazarus has successfully jeopardized and infiltrated several banks and a number of global cryptocurrency exchanges and FinTech companies."
Kaspersky recently discovered the hack while investigating a crypto exchange attacked by Lazarus with the help of a trojanized cryptocurrency trading application. The update was sent via e-mail to the company, and an unsuspecting employee downloaded it from a legitimate-looking website. Their computer was then infected with malware known as Fallchill, an old tool that Lazarus is now using again. Computers infected with Fallchill can be controlled remotely right away.
The malware appears to come from an application called Celas Trade Pro from Celas Limited, which looks like the real deal. The app, which can be downloaded by any user, is an 'all-in-one style' cryptocurrency trading program.
"At the end of the installation process, the installer immediately executes the Updater.exe module with the 'CheckUpdate' parameter, which looks like a standard tool and is unlikely to arouse the suspicion of system administrators. [It has] a valid digital signature belonging to the same supplier, but the devil is in the detail[s], as usual," Kaspersky added.
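The behaviour Kaspersky describes (a signed installer launching a signed Updater.exe with a CheckUpdate argument) is something a defender can look for in endpoint telemetry. The following is an added illustration, not code from Kaspersky's report: it correlates constructed process-creation events by parent and child and flags the pattern regardless of signature status, since a valid signature was exactly what made the trojanized module look benign. The event field names, paths and sample values are assumptions.

```python
from dataclasses import dataclass

@dataclass
class ProcEvent:
    """One process-creation event; field names are assumed, not a real EDR schema."""
    pid: int
    ppid: int
    image: str      # full path of the executable that started
    cmdline: str    # command line as launched
    signed: bool    # whether the binary carried a valid vendor signature

# Constructed sample telemetry, not real captures. Event 101 mirrors the article's
# description: an installer spawning Updater.exe with the CheckUpdate parameter.
SAMPLE_EVENTS = [
    ProcEvent(100, 1,   r"C:\Users\alice\Downloads\CelasTradePro_setup.exe", "CelasTradePro_setup.exe", True),
    ProcEvent(101, 100, r"C:\Program Files\CelasTradePro\Updater.exe", "Updater.exe CheckUpdate", True),
    ProcEvent(200, 1,   r"C:\Windows\explorer.exe", "explorer.exe", True),
    ProcEvent(201, 200, r"C:\Program Files\OtherVendor\Updater.exe", "Updater.exe /quiet", True),
]

INSTALLER_HINTS = ("setup", "install")

def find_installer_spawned_updaters(events):
    """Return (parent, child) pairs where an installer-looking parent launched an
    Updater.exe with a CheckUpdate-style argument. The signed flag is deliberately
    NOT used to suppress a finding: the point of the Celas case is that the
    malicious updater carried a valid signature from the same vendor."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for child in events:
        parent = by_pid.get(child.ppid)
        if parent is None:
            continue
        child_is_updater = child.image.lower().endswith("updater.exe")
        asks_check_update = "checkupdate" in child.cmdline.lower()
        parent_is_installer = any(h in parent.image.lower() for h in INSTALLER_HINTS)
        if child_is_updater and asks_check_update and parent_is_installer:
            hits.append((parent, child))
    return hits

def describe(hits):
    """Human-readable lines for a triage queue; notes the signature so an analyst
    sees that 'signed' was true and still treats the chain as suspicious."""
    return [f"pid {c.pid} ({c.cmdline}) spawned by installer pid {p.pid}; "
            f"child signed={c.signed}, parent signed={p.signed}" for p, c in hits]

if __name__ == "__main__":
    for line in describe(find_installer_spawned_updaters(SAMPLE_EVENTS)):
        print(line)
```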
So far, the hackers appear to be targeting supply chains and companies; they are not (yet) actually stealing crypto.
"This should be a lesson for all of us, and a wake-up call for companies relying on third-party software: do not automatically trust the code that runs on your systems," warned Kaspersky. "Neither a good-looking website nor a solid company profile nor the digital certificates guarantee the absence of backdoors. Confidence must be earned and proven. Stay safe!"