North Korean Hackers Continue to Target Cryptocurrency Exchanges (Security News, January 2020)

Over the past year and a half, the North Korea-linked Lazarus group has continued attacks on cryptocurrency exchanges but modified its malware and some techniques, Kaspersky reports.
Kaspersky now says that following Operation AppleJeus, Lazarus continued to employ a similar modus operandi in attacks on cryptocurrency businesses, and that more macOS malware similar to that from the original Operation AppleJeus case was discovered.
While the Windows malware used in the campaign suffered only small changes, the macOS malware was more heavily modified, Kaspersky says.
Changes from previous attacks include the use of GitHub to host malware, the use of Objective-C instead of the QT framework, the implementation of a simple backdoor function in the macOS executable, the use of an encryption key similar to the one in the previous case, the use of ADVobfuscator for the Windows version, and a significantly different post-install script in the macOS malware.
"The actor altered their macOS and Windows malware considerably, adding an authentication mechanism in the macOS downloader and changing the macOS development framework. The binary infection procedure in the Windows system differed from the previous case. They also changed the final Windows payload significantly from the well-known Fallchill malware used in the previous attack. We believe the Lazarus group's continuous attacks for financial gain are unlikely to stop anytime soon," Kaspersky concluded.