
North Korean hackers distribute ‘Durian’ malware targeting cryptocurrency companies

North Korean hackers are reportedly attacking South Korean cryptocurrency companies using a ‘surprising’ new malware variant called ‘Durian’.

North Korean hacking group Kimsuky has so far used the new malware in a series of targeted attacks against at least two cryptocurrency companies, according to a May 9 threat report from cybersecurity firm Kaspersky.

This was achieved through a ‘sustained’ attack that exploited legitimate security software used exclusively by South Korean cryptocurrency companies.


The previously unknown Durian malware acts as an installer that deploys a continuous stream of malware, including a backdoor known as “AppleSeed,” a custom proxy tool known as LazyLoad, and other legitimate tools such as Chrome Remote Desktop.

“Durian boasts comprehensive backdoor capabilities that allow execution of passed commands, download of additional files, and file extraction,” Kaspersky wrote.

Kaspersky also noted that LazyLoad was used by Andariel, a subgroup within the Lazarus Group, a North Korean hacking consortium. This suggests a “tenuous” link between Kimsuky and more notorious hacking groups.


Since first appearing in 2009, Lazarus has established itself as one of the most notorious cryptocurrency hacker groups.

On April 29, independent blockchain detective ZachXBT revealed that the Lazarus group successfully laundered over $200 million worth of tainted cryptocurrency between 2020 and 2023.

The Lazarus Group is accused of stealing a total of more than $3 billion in cryptocurrency assets over a six-year period until 2023.

Lazarus is believed to have stolen more than 17% of all stolen funds in 2023, or just over $309 million. According to a December 28 report from Immunefi, more than $1.8 billion in cryptocurrency was lost to hacks and exploits in 2023 alone.
