- Hackers have launched a new malware to help siphon funds from crypto firms
- The hackers target crypto firms in South Korea
- The malware works by exploiting genuine software used by South Korean crypto firms
Cyber security firm Kaspersky has revealed a new tactic used by North Korean hackers to target South Korean crypto firms. In a report published last week, Kaspersky noted that the hackers have launched a new malware known as “Durian” and have already used it on two South Korean crypto firms. Durian works by riding on genuine software used by crypto firms, making it hard for security programs to detect it thus increasing its effectiveness.
Malware Steals Login Details
According to the cyber security firm, Durian plays the role of an installer that paves the way for the installation of tools like Chrome Remote Desktop which allows the attackers to establish and maintain a live connection with their victims.
Our latest APT trends for Q1, 2024 if now live and includes a look at some of the more interesting APT activities revealed during Q1, including Careto APT reappearance, hacktivist activity, and much more.
Full report ⇒ https://t.co/yTe8mxePF1 pic.twitter.com/37N8ZGliZA
— Kaspersky (@kaspersky) May 9, 2024
The malware is operated by North Korea-based hacking group Kimsuky. Kaspersky discovered that the malware steals login details and other data stored on browsers. The cyber security firm also unearthed a collaboration between Kimsuky and Andariel, another malicious actor targeting crypto firms.
SideWinder is another hacking group targeting crypto companies in Asia and Africa and has launched “hundreds of attacks in recent months.”
Lazarus Adding to its Malware Arsenal
Apart from South Korea and Africa, Kaspersky also discovered a new malware campaign “targeting government entities in the Middle East.” The cyber security firm noted that the renowned North Korean hacking group Lazarus is also adding “malware clusters in its arsenal.”
A few months ago, for example, cyber security firm ESET discovered that Lazarus is using a malware program known as LightlessCan to mimic genuine Windows commands on victim computers. Lazarus is also luring crypto platform engineers with job offers and trading bots to gain access to their targets.
With the new malware riding on genuine computer software used by crypto firms, it’s likely to result in more casualties and, consequently, more stolen funds.
