Security News > 2022 > April > North Korean Hackers Distributing Trojanized DeFi Wallet Apps to Steal Victims' Crypto

The North Korean state-backed hacking crew, otherwise known as the Lazarus Group, has been attributed to yet another financially motivated campaign that leverages a trojanized decentralized finance wallet app to distribute a fully-featured backdoor onto compromised Windows systems.
The app, which is equipped with functionalities to save and manage a cryptocurrency wallet, is also designed to trigger the launch of the implant that can take control of the infected host.
The spawned malware, which masquerades as Google's Chrome web browser, subsequently launches a wallet app built for the DeFiChain, while also establishing connections to a remote attacker-controlled domain and awaiting further instructions from the server.
The C2 infrastructure used in this campaign exclusively consisted of previously compromised web servers located in South Korea, prompting the cybersecurity company to work with the country's computer emergency response team to dismantle the servers.
The findings come more than two months after Kaspersky disclosed details of a similar "SnatchCrypto" campaign mounted by the Lazarus sub-group tracked as BlueNoroff to drain digital funds from victims' MetaMask wallets.
"For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency business. As the price of cryptocurrency surges, and the popularity of non-fungible token and decentralized finance businesses continues to swell, the Lazarus group's targeting of the financial industry keeps evolving," Kaspersky GReAT researchers pointed out.
News URL
https://thehackernews.com/2022/04/north-korean-hackers-distributing.html
Related news
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures (source)
- Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- North Korean Lazarus hackers infect hundreds via npm packages (source)
- Hackers target AI and crypto as software supply chain risks grow (source)
- North Korean Hackers Disguised as IT Workers Targeting UK, European Companies, Google Finds (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- Hackers abuse Zoom remote control feature for crypto-theft attacks (source)