Lazarus’ New Exchange Hacking Technique Revealed

  • Cybersecurity experts have exposed a new trick used by the Lazarus hacking group to infiltrate crypto exchanges
  • The group is now luring exchange engineers with malware disguised as a trading bot to gain access to their development environments
  • Members of the hacking group are also posing as blockchain engineers on social platforms like Discord

North Korean hacking group Lazarus has deployed a new way to infiltrate crypto exchanges to siphon funds from the platforms. According to cybersecurity firm Elastic Security Labs, the group is targeting exchange engineers and luring them with malware-filled trading bots. The group’s members are also posing as blockchain engineers on social platforms such as Discord, indicating the extent to which it is willing to go in order to steal funds.

Malware-laced Crypto Bots

The cybersecurity firm unearthed the new trick while investigating an intrusion on a macOS-based system. According to the researchers, Lazarus managed to get an engineer at the affected platform to download a malware-laced crypto bot.

Once installed, the Python-based ‘bot’ began downloading content from a remote file and then deleted the original file before executing what the cybersecurity firm refers to as ‘sugarloader.’

This is the program that carries out the actual infiltration while evading the security software designed to detect malware. Sugarloader then hands off to another program that imitates a genuine Discord application, paving the way for the hacking group to take control of the entire computer system without detection.
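The chain described above (a Python ‘bot’ that connects out, deletes its own script and executes a staged payload, followed by a Discord look-alike) leaves a recognisable footprint in process, file and network telemetry. The following is an added detection example, not code from the article or from Elastic Security Labs; the event log format, the PIDs and paths are all constructed for illustration, and the only real-world assumption is that a genuine macOS Discord runs from /Applications/Discord.app.

```python
from collections import defaultdict

# Constructed sample telemetry (not from the article): "time pid event detail".
SAMPLE_EVENTS = """\
10:00:01 501 exec /usr/bin/python3 /Users/dev/tradebot/bot.py
10:00:02 501 net_connect 203.0.113.10:443
10:00:03 501 file_write /Users/dev/tradebot/.stage
10:00:04 501 file_unlink /Users/dev/tradebot/bot.py
10:00:05 501 exec /Users/dev/tradebot/.stage
10:00:07 502 exec /Users/dev/Library/Application Support/Discord.app/Contents/MacOS/Discord
10:05:00 600 exec /usr/bin/python3 /Users/dev/scripts/report.py
10:05:01 600 net_connect 198.51.100.5:443
10:05:02 600 file_write /Users/dev/scripts/report.csv
10:06:00 700 exec /Applications/Discord.app/Contents/MacOS/Discord
"""

# Assumed legitimate install location of the Discord app bundle on macOS.
LEGIT_DISCORD_PREFIX = "/Applications/Discord.app/"


def parse_events(text):
    """Split each line into (time, pid, event, detail); detail may contain spaces."""
    rows = [line.split(maxsplit=3) for line in text.splitlines() if line.strip()]
    return [(ts, int(pid), kind, detail) for ts, pid, kind, detail in rows]


def find_self_deleting_loaders(events):
    """PIDs of Python processes that connect out, unlink their own script,
    and only then exec a new file, in that order."""
    by_pid = defaultdict(list)
    for _, pid, kind, detail in events:
        by_pid[pid].append((kind, detail))
    hits = []
    for pid, evs in by_pid.items():
        kind0, detail0 = evs[0]
        if kind0 != "exec" or "python" not in detail0:
            continue
        script = detail0.split()[-1]          # the .py file handed to the interpreter
        connected = unlinked = executed = False
        for kind, detail in evs[1:]:
            if kind == "net_connect":
                connected = True
            elif kind == "file_unlink" and detail == script and connected:
                unlinked = True
            elif kind == "exec" and unlinked:
                executed = True
        if executed:
            hits.append(pid)
    return hits


def find_discord_lookalikes(events):
    """PIDs of anything named Discord that runs from outside the app bundle path."""
    return [pid for _, pid, kind, detail in events
            if kind == "exec" and detail.endswith("/Discord")
            and not detail.startswith(LEGIT_DISCORD_PREFIX)]
```

Ordering matters in the loader check: a script that merely downloads a report (PID 600) or is deleted without a later exec is not flagged.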

Although packaging malware as a trading bot and masquerading as blockchain engineers are new tricks, they aren’t the only ones the group employs in its attempts to fleece its victims.

Recruitment Trap Nabs $540 Million

A month ago, for example, ESET discovered that Lazarus was packaging malware programs as genuine Windows commands to avoid detection.

The group is also using employment scams to lure engineers and other key personnel of crypto and blockchain projects. The $540 million Ronin hack, for example, was orchestrated by setting a recruitment trap for one of the platform’s engineers.

With cybersecurity experts exposing more ways Lazarus is infiltrating crypto platforms, it’s likely the amount it siphons from such platforms will drop.