A hacking group sanctioned by the US government, known as Lazarus, has been linked to a malicious scheme targeting cryptocurrency. The activity involves the use of a modified malware product, Applejeus, to access systems and steal digital assets from third parties.
Lazarus Group Utilizes Crypto Site to Access Systems
Volexity, a Washington DC-based cybersecurity firm, recently disclosed that North Korea’s Lazarus Group has been connected to criminal activities. The attack entails the use of a crypto-related website to infect machines and obtain sensitive information.
A blog post published on Dec. 1 found that in June, a Lazarus-linked domain, bloxholder.com, was registered and later presented as an automated cryptocurrency trading company. The platform was used as a front to deliver the malicious payload, Applejeus, to users. The malware is designed to steal private keys and other data from compromised systems.
This is not the first time Lazarus has used such a technique. The new campaign, however, includes a modification that helps to “confuse and slow down” detection tasks.
Macros in Documents Used to Distribute Malware
Volexity also discovered that the method of delivering the malware to victims has been altered. It is now being spread via Office documents, specifically spreadsheets with macros. A macro is a program embedded in the document that, when executed, installs the Applejeus malware on the computer.
The document, identified as “OKX Binance & Huobi VIP fee comparision.xls,” contains a comparison of the potential benefits of each VIP program at the respective exchange. In order to prevent this type of attack, it is recommended to block the execution of macros in documents. It is also advisable to monitor the creation and modification of scheduled tasks in the operating system, so that any new, unidentified task running in the background is noticed. The reach of the campaign, however, remains unknown.
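The task-monitoring advice above can be turned into a concrete check. On Windows, each scheduled-task creation is recorded as Security event 4698 (when "Audit Other Object Access Events" is enabled), and the event carries the full task definition XML in its TaskContent field. The script below is an added example, not code from Volexity or from this article: it parses that XML and flags tasks whose action runs a script/DLL proxy binary, points into a user-writable directory, is hidden, or is set to run at every logon. The two sample events, their task names and file paths are constructed for the example and are not indicators from the Applejeus campaign.

```python
"""Flag suspicious scheduled-task creations from Windows Security event 4698 records.

Added example (not from the article). Input records are constructed in the
shape of event 4698 ("A scheduled task was created"), whose TaskContent field
holds the Task Scheduler XML definition of the new task.
"""
import re
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler task-definition XML.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# User-writable directories; a macro dropper typically stages its payload here.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)

# Signed Windows binaries commonly used to launch a DLL or script from such paths.
PROXY_BINARIES = {"rundll32.exe", "regsvr32.exe", "mshta.exe",
                  "wscript.exe", "cscript.exe", "powershell.exe"}


def analyze_task(task_xml: str) -> list[str]:
    """Return the reasons a task definition looks suspicious (empty list if none)."""
    root = ET.fromstring(task_xml)
    reasons = []
    for exec_el in root.findall(".//t:Actions/t:Exec", NS):
        command = exec_el.findtext("t:Command", default="", namespaces=NS).strip().strip('"')
        arguments = exec_el.findtext("t:Arguments", default="", namespaces=NS)
        binary = command.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if binary in PROXY_BINARIES:
            reasons.append(f"runs proxy binary {binary}")
        if USER_WRITABLE.search(command + " " + arguments):
            reasons.append("executable or argument points into a user-writable directory")
    if root.findtext(".//t:Settings/t:Hidden", default="", namespaces=NS).strip().lower() == "true":
        reasons.append("task is hidden from the Task Scheduler UI")
    if root.find(".//t:Triggers/t:LogonTrigger", NS) is not None:
        reasons.append("runs at every logon (persistence)")
    return reasons


def scan_events(events: list[dict]) -> dict[str, list[str]]:
    """Map each flagged task name to its reasons; unflagged tasks are omitted."""
    flagged = {}
    for ev in events:
        reasons = analyze_task(ev["TaskContent"])
        if reasons:
            flagged[ev["TaskName"]] = reasons
    return flagged


# Constructed sample records (hypothetical task names, users and paths).
SAMPLE_EVENTS = [
    {   # A benign, built-in maintenance task.
        "EventID": 4698, "SubjectUserName": "SYSTEM",
        "TaskName": r"\Microsoft\Windows\Defrag\ScheduledDefrag",
        "TaskContent": r"""<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><StartBoundary>2022-06-01T01:00:00</StartBoundary></CalendarTrigger></Triggers>
  <Settings><Hidden>false</Hidden></Settings>
  <Actions><Exec><Command>%windir%\system32\defrag.exe</Command><Arguments>-c -h -o</Arguments></Exec></Actions>
</Task>""",
    },
    {   # The shape a macro-created persistence task tends to have (constructed).
        "EventID": 4698, "SubjectUserName": "alice",
        "TaskName": r"\OfficeUpdateCheck",
        "TaskContent": r"""<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions><Exec><Command>C:\Windows\System32\rundll32.exe</Command><Arguments>"C:\Users\alice\AppData\Roaming\Update\update.dll",Start</Arguments></Exec></Actions>
</Task>""",
    },
]

if __name__ == "__main__":
    for name, reasons in scan_events(SAMPLE_EVENTS).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

On a real host the records would come from the Security log (for example via `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4698}` or a SIEM export) rather than the inline list; the analysis logic is the same, and the heuristics are deliberately simple so that each hit is easy to explain to whoever triages it.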
The US Department of Justice (DOJ) indicted Lazarus in February 2021. The group is associated with the North Korean intelligence organization Reconnaissance General Bureau (RGB). Separately, two Chinese nationals were indicted by the DOJ in March 2020 for laundering more than $100 million in cryptocurrency associated with Lazarus’s activities.
Disclaimer: This article is intended for informational purposes only. It is not an offer or solicitation to buy or sell or a recommendation of any product, company, or service. Bitcoin.com is not a provider of investment, tax, legal, or accounting advice. Neither the author nor the company are responsible for any loss or damage caused or alleged caused by the use or reliance of any content, goods, or services in this article.