Cryptocurrency Under Siege: North Korean Hackers Launch ‘Durian’ Malware Assault
In a concerning development, North Korean hackers have deployed a new malware family known as “Durian” against cryptocurrency companies based in South Korea. According to a recent threat report from cybersecurity firm Kaspersky, the North Korean hacking group Kimsuky has already used Durian in targeted attacks on at least two crypto firms.
The attack chain abuses legitimate security software that is used exclusively by cryptocurrency firms in South Korea to deliver the malware. Durian, previously undocumented, functions as an installer for a cascade of further tooling, including the “AppleSeed” backdoor and a custom proxy tool dubbed “LazyLoad,” alongside legitimate, seemingly benign software such as Chrome Remote Desktop, which gives the attackers interactive remote access that blends in with ordinary administrative activity.
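The use of a legitimate remote-access product is the detail a defender can act on. As an added example that is not part of the article or of Kaspersky's report, the Python script below runs a simple check over process-creation logs: it flags Chrome Remote Desktop host binaries on machines that are not on an approved list. The log format, hostnames, file paths, user names and allowlist are constructed for the example; the binary names are assumed from the product's Windows installation and should be treated as a configurable inventory.

```python
"""Flag unexpected remote-access tooling in process-creation logs.

Added example, not code from the article or from Kaspersky. The log lines,
hostnames, paths and allowlist below are constructed for illustration.
"""
import json
import re

# Binaries that establish an unattended remote-control session. The names are
# assumed from the Chrome Remote Desktop Windows host install; extend the map
# with whatever remote-access products your environment should never see.
REMOTE_ACCESS_BINARIES = {
    "remoting_host.exe": "Chrome Remote Desktop host",
    "remoting_start_host.exe": "Chrome Remote Desktop host registration",
}

# Machines where a remote-access host is expected (constructed allowlist).
APPROVED_HOSTS = {"helpdesk-01"}

# Constructed process-creation events in a Sysmon-like JSON shape, one per line.
SAMPLE_LOG = [
    r'{"host": "trader-07", "user": "NT AUTHORITY\\SYSTEM", "parent": "C:\\Windows\\System32\\services.exe", "image": "C:\\Program Files (x86)\\Google\\Chrome Remote Desktop\\123.0.6312.42\\remoting_host.exe"}',
    r'{"host": "helpdesk-01", "user": "NT AUTHORITY\\SYSTEM", "parent": "C:\\Windows\\System32\\services.exe", "image": "C:\\Program Files (x86)\\Google\\Chrome Remote Desktop\\123.0.6312.42\\remoting_host.exe"}',
    r'{"host": "trader-07", "user": "CORP\\jkim", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"}',
    r'{"host": "finance-02", "user": "CORP\\mlee", "parent": "C:\\Windows\\System32\\cmd.exe", "image": "C:\\Program Files (x86)\\Google\\Chrome Remote Desktop\\123.0.6312.42\\remoting_start_host.exe"}',
]


def parse_event(line):
    """Parse one JSON log line and normalise the image path to a lowercase basename."""
    event = json.loads(line)
    image = event["image"]
    basename = re.split(r"[\\/]", image)[-1].lower()
    return {
        "host": event["host"],
        "user": event.get("user", ""),
        "parent": event.get("parent", ""),
        "image": image,
        "binary": basename,
    }


def triage(lines, approved_hosts=APPROVED_HOSTS):
    """Return a finding for every remote-access binary seen on a non-approved host."""
    findings = []
    for line in lines:
        event = parse_event(line)
        tool = REMOTE_ACCESS_BINARIES.get(event["binary"])
        if tool is None:
            continue  # not a remote-access binary we care about
        if event["host"] in approved_hosts:
            continue  # expected on this machine
        findings.append({
            "host": event["host"],
            "tool": tool,
            "binary": event["binary"],
            "parent": event["parent"],
            "user": event["user"],
        })
    return findings


def summarize(findings):
    """Group flagged tools by host so an analyst sees the full picture per machine."""
    by_host = {}
    for finding in findings:
        by_host.setdefault(finding["host"], []).append(finding["tool"])
    return by_host


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[ALERT] {finding['host']}: {finding['tool']} "
              f"({finding['binary']}) spawned by {finding['parent']} as {finding['user']}")
```

Against the constructed sample the script raises two alerts, for trader-07 and finance-02, and stays silent for the approved helpdesk machine and for an ordinary browser launch. In production the allowlist would come from an asset inventory and the events from the EDR or Sysmon pipeline, but the decision logic is the same.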
Durian Malware: Unveiling its Stealthy Operations and Advanced Capabilities
Kaspersky’s analysis describes Durian as a full-featured backdoor: it can execute commands, download additional files, and exfiltrate sensitive data from the compromised host.
Kaspersky also found that LazyLoad had previously been used by Andariel, a subgroup of the North Korean hacking consortium Lazarus Group. Kaspersky characterises this as a potential, though tenuous, link between Kimsuky and the more infamous Lazarus Group, which has an extensive history of cyberattacks on cryptocurrency exchanges.
Unveiling the Cryptocurrency Laundering Empire: Lazarus Group’s $3 Billion Heist
The Lazarus Group’s activities have recently come under renewed scrutiny. Independent blockchain researcher ZachXBT has uncovered evidence of over $200 million in illicitly acquired cryptocurrency laundered by the group between 2020 and 2023, and Lazarus is reportedly responsible for stealing over $3 billion in crypto assets over the six years leading up to 2023.
In 2023 alone, Lazarus is credited with roughly $309 million, or about 17% of all cryptocurrency lost to hacks and exploits that year. These figures underscore the threat posed by sophisticated state-backed groups like Lazarus, whose operations continue to erode trust and security in the cryptocurrency ecosystem.
Total cryptocurrency losses to hacks and exploits in 2023 surpassed $1.8 billion, highlighting the urgent need for robust cybersecurity measures to safeguard digital assets against persistent cyber threats.
FAQs
What is the name of the new malware deployed by North Korean hackers targeting cryptocurrency companies in South Korea?
The name of the new malware is “Durian”.
How does the Durian malware operate, according to the threat report from Kaspersky?
Durian is delivered by abusing legitimate security software used exclusively by cryptocurrency firms in South Korea. It acts as an installer for a cascade of further tooling, including the “AppleSeed” backdoor, a custom proxy tool dubbed “LazyLoad”, and legitimate remote-access software such as Chrome Remote Desktop.
Which legitimate security software is leveraged by the hackers in their assault on cryptocurrency firms in South Korea?
The report identifies it only as legitimate security software used exclusively by cryptocurrency firms in South Korea; the specific product is not named in this article.