North Korean crypto hackers have deployed a new piece of malware, UnionCryptoTrader. A cybersecurity company has warned cryptocurrency users to expect more attacks from North Korea, and says the Lazarus hackers have developed “enhanced capabilities” to deliver malware through the popular messaging app Telegram.
10 January, 2020 | AtoZ Markets – The security of cryptocurrencies remains a major discussion point, with major exchanges still being hacked. According to Kaspersky, the threat to crypto users is not declining: the hacker group Lazarus, allegedly sponsored by the North Korean government, has deployed new malware to steal cryptocurrencies. On January 8, the major cybersecurity company Kaspersky reported that Lazarus has increased its efforts to infect both Mac and Windows users’ computers.
Hacker Group Lazarus Uses UnionCryptoTrader and New Malware to Steal
The group used a modified version of QtBitcoinTrader, an open-source trading interface for cryptocurrency, to supply and execute malicious code in what has been called “Operation AppleJeus”, as Kaspersky reported in late August 2018. Now, the company states that Lazarus has started making changes to the malware.
Kaspersky has also identified a new macOS and Windows malware sample called UnionCryptoTrader, which is based on previously detected versions. Besides UnionCryptoTrader, Kaspersky detected another new malware sample aimed at Mac users, called MarkMakingBot. The cybersecurity company notes that Lazarus has modified MarkMakingBot and that it is at “an intermediate stage of significant changes in their malware for macOS”.
The researchers also found Windows machines infected with a malicious file called “WFCUpdater”, although they were unable to identify the initial installer. Kaspersky said the infection started with .NET malware disguised as a WFC wallet updater and distributed via a fake website. The malware infected the PC in several stages before running the group’s commands and permanently installing the payload.
North Korean Hackers Now Using Telegram to Steal Crypto
Kaspersky only recently discovered that the hackers used Telegram to deliver a Lazarus payload. The researchers say they have identified several victims based in the UK, Poland, Russia and China, many of them cryptocurrency firms. Security researchers have named the new wave of tactics “Operation AppleJeus Sequel”, an evolution of the AppleJeus campaign that ran from 2018 to 2019.
As with previous campaigns, Kaspersky says the hackers use fake cryptocurrency trading companies to attract victims. The fictitious companies have websites complete with links to equally fake Telegram trading groups. In one case, a Windows system was infected with a malicious payload delivered to the device via the Telegram messenger.
Once a device is infected, the attackers can gain remote access to control it and continue their attacks. Lazarus almost always goes after cryptocurrency. During its research, Kaspersky discovered some of these fake cryptocurrency trading websites. The firm believes they were built from free web templates, so traders and investors need to be aware of such websites.
According to a UN report, North Korean hackers have stolen $2 billion by hacking foreign financial institutions and cryptocurrency exchanges. With the latest wave of updates to its campaign, Lazarus does not seem to be easing its attempts.