
North Korean Hacker Group Modifies Crypto-Stealing Malware

The Lazarus hacker group, which is allegedly sponsored by the North Korean authorities, has deployed new viruses to steal cryptocurrency.

Major cybersecurity firm Kaspersky reported on Jan. 8 that Lazarus has doubled down on its efforts to infect both Mac and Windows users’ computers.

The group had been using a modified open-source cryptocurrency trading interface called QtBitcoinTrader to deliver and execute malicious code in what has been called “Operation AppleJeus,” as Kaspersky reported in late August 2018. Now, the firm reports that Lazarus has started making changes to the malware.

Kaspersky identified a new macOS and Windows virus named UnionCryptoTrader, which is based on previously detected versions. Another new malware, targeting Mac users, is called MarkMakingBot. The cybersecurity firm noted that Lazarus has been tweaking MarkMakingBot, and speculates that it is “an intermediate stage in significant changes to their macOS malware.”

Researchers also found Windows machines that had been infected by a malicious file called WFCUpdater but were unable to identify the initial installer. Kaspersky said that the infection started from .NET malware that was disguised as a WFC wallet updater and distributed through a fake website.

The malware infected the PCs in several stages before executing the group’s commands and permanently installing the payload.

Attackers may have used Telegram to spread malware

Windows versions of UnionCryptoTrader were found to be executed from Telegram’s download folder, leading researchers to believe “with high confidence that the actor delivered the manipulated installer using the Telegram messenger.”

A further reason to believe that Telegram was used to spread malware is the presence of a Telegram group on the fake website. The interface of the program featured a graphical interface showing the price of Bitcoin (BTC) on several cryptocurrency exchanges.


UnionCryptoTrader user interface screenshot. Source: Kaspersky

The Windows version of UnionCryptoTrader initiates a tainted Internet Explorer process, which is then employed to carry out the attacker’s commands. Kaspersky detected instances of the malware described above in the UK, Poland, Russia and China. The report reads:

“We believe the Lazarus group’s continuous attacks for financial gain are unlikely to stop anytime soon. […] We assume this kind of attack on cryptocurrency businesses will continue and become more sophisticated.”
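The two Windows behaviours described above (an installer executed from Telegram’s download folder, and an Internet Explorer process started further down that chain) can be turned into a simple hunt over process-creation telemetry. The following is an added example, not code from Kaspersky or the original article; the folder name `Telegram Desktop`, the event field names and all sample records are assumptions constructed for illustration.

```python
import ntpath

# Assumption: Telegram Desktop's default download folder name on Windows.
TELEGRAM_DIR = "\\downloads\\telegram desktop\\"
EXEC_EXT = (".exe", ".msi", ".scr")

# Constructed process-creation records (Sysmon Event ID 1 style fields), in time order.
# File names other than iexplore.exe are made up for the example.
SAMPLE_EVENTS = [
    {"host": "ws-01", "pid": 4120, "ppid": 880,
     "image": r"C:\Users\alice\Downloads\Telegram Desktop\trader_setup.exe"},
    {"host": "ws-01", "pid": 4300, "ppid": 4120,
     "image": r"C:\Users\alice\AppData\Local\Temp\updater.exe"},
    {"host": "ws-01", "pid": 4388, "ppid": 4300,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    # Same PIDs on another host, launched normally: must not alert.
    {"host": "ws-02", "pid": 4388, "ppid": 4300,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"host": "ws-02", "pid": 5000, "ppid": 900,
     "image": r"C:\Users\bob\Downloads\report_viewer.exe"},
]

def from_telegram_dir(path):
    """True if an executable image lives under a Telegram Desktop download folder."""
    p = ntpath.normpath(path).lower()
    return TELEGRAM_DIR in p and p.endswith(EXEC_EXT)

def detect(events):
    """Return (rule, host, pid) findings for the two behaviours in the article."""
    findings = []
    tainted = set()  # (host, pid) of every process descending from a flagged binary
    for ev in events:
        key, parent = (ev["host"], ev["pid"]), (ev["host"], ev["ppid"])
        if from_telegram_dir(ev["image"]):
            tainted.add(key)
            findings.append(("exec_from_telegram_downloads", *key))
        elif parent in tainted:
            tainted.add(key)  # follow the chain through intermediate stages
            if ntpath.basename(ev["image"]).lower() == "iexplore.exe":
                findings.append(("iexplore_in_telegram_download_chain", *key))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

On real telemetry, key the ancestry on a stable process identifier such as Sysmon's `ProcessGuid` rather than the PID, since PIDs are reused over time.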

Lazarus has been known to target crypto users for a long time. In October 2018, Cointelegraph reported that the group had stolen a staggering $571 million in cryptocurrencies since early 2017.

In March 2019, reports by Kaspersky suggested that the group’s efforts in targeting cryptocurrency users were still ongoing and its tactics were evolving. Additionally, the group’s macOS virus was also enhanced in October last year.

