North Korean Hackers Target Cybersecurity Researchers with Trojanized IDA Pro
2021-11-15 07:14

Lazarus, the North Korea-affiliated state-sponsored group, is once again attempting to target security researchers with backdoors and remote access trojans, this time using a trojanized, pirated version of the popular IDA Pro reverse engineering software.

The findings were reported by ESET security researcher Anton Cherepanov last week in a series of tweets.

IDA Pro is an interactive disassembler designed to translate machine language into assembly language, enabling security researchers to analyze the inner workings of a program. It also functions as a debugger to detect errors.

"Attackers bundled the original IDA Pro 7.5 software developed by [Hex-Rays] with two malicious components," the Slovak cybersecurity firm said, one of which is an internal module called "Win fw.dll" that's executed during installation of the applications.

The domain is also notable for the fact that it's been previously linked to a similar North Korea-backed campaign aimed at security professionals and disclosed by Google's Threat Analysis Group earlier this March.

The covert operation involved the adversaries setting up a fake security company known as SecuriElite, alongside a number of social media accounts across Twitter and LinkedIn, in an attempt to trick unsuspecting researchers into visiting the company's malware-laced website so as to trigger an exploit that leveraged a then-zero-day in the Internet Explorer browser.


News URL

https://thehackernews.com/2021/11/north-korean-hackers-target.html