A new attack campaign aimed at gaining access to systems and stealing bitcoin from third parties has been attributed to the Lazarus group, a North Korean hacking group previously linked to criminal activity. The campaign, which uses a modified version of the Applejeus malware, relies on a crypto website and even documents to gain access to computers.
Crypto site was used as a front by modified Lazarus malware
The U.S. government has already sanctioned the North Korean hacker group Lazarus. Volexity, a cybersecurity company based in Washington, D.C., has linked Lazarus to a threat involving the use of a crypto site to infect computers in order to steal data and bitcoin from third parties.
According to a blog post published on December 1, Lazarus registered the domain name “bloxholder.com” in June. This domain would eventually be used to launch a company that provided automated cryptocurrency trading services. Using this website as a front, Lazarus encouraged visitors to download a programme that would act as the payload for the Applejeus malware, which was designed to steal private keys and other information from the users’ devices.
Lazarus has used the same tactic before, but this new variant employs a technique that enables the programme to “confuse and slow down” malware detection.
Macros for documents
Volexity discovered that in October the method used to distribute this malware to end users changed: the campaign moved to Office documents, specifically a spreadsheet containing macros (code embedded in the document) intended to install the Applejeus malware on the victim’s machine.
The document, named “OKX Binance & Huobi VIP fee comparision.xls,” purports to show the benefits that each of these exchanges’ VIP programmes offer at various levels. It is advised to block the execution of macros in documents and to carefully examine and monitor the creation of new OS tasks in order to spot any new, unauthorised processes running in the background. However, Volexity did not report on the level of reach that this campaign has attained.
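The two mitigations recommended above can be audited on a Windows host. The following PowerShell script is an added example, not code from the article or from Volexity; it assumes the Office policy key for version 16.0 (Office 2016/2019/365) and uses a user-writable-path heuristic that is an assumption of this example, not something the article states.

```powershell
# Added example: audit the article's two recommendations on a Windows host.
# 1. Is Excel configured by policy to block VBA macros?
# 2. Which scheduled tasks were registered recently, and what do they run?

# Office policy key for Excel (the "16.0" version token is an assumption; adjust
# for other Office versions). VBAWarnings 4 = "disable all without notification",
# 3 = "disable all except digitally signed macros".
$excelPolicy = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security'

function Test-ExcelMacroPolicy {
    $props = Get-ItemProperty -Path $excelPolicy -ErrorAction SilentlyContinue
    [pscustomobject]@{
        MacrosDisabledByPolicy = ($props.VBAWarnings -in 3, 4)
        InternetMacrosBlocked  = ($props.blockcontentexecutionfrominternet -eq 1)
    }
}

function Get-RecentScheduledTasks {
    param([int]$Days = 7)
    $since = (Get-Date).AddDays(-$Days)
    # Heuristic (assumption of this example): tasks launching from user-writable
    # locations deserve a closer look, since a macro-dropped payload usually lands there.
    $suspectRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData)

    Get-ScheduledTask | ForEach-Object {
        $xml     = [xml](Export-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath)
        $created = $xml.Task.RegistrationInfo.Date
        if ($created -and ([datetime]$created) -ge $since) {
            $actions = @($xml.Task.Actions.Exec | ForEach-Object { "$($_.Command) $($_.Arguments)".Trim() })
            $flag = $false
            foreach ($root in $suspectRoots) {
                if ($root -and ($actions -join ' ') -like "*$root*") { $flag = $true }
            }
            [pscustomobject]@{
                Task         = "$($_.TaskPath)$($_.TaskName)"
                Created      = $created
                Author       = $xml.Task.RegistrationInfo.Author
                Action       = ($actions -join '; ')
                UserWritable = $flag
            }
        }
    }
}

Test-ExcelMacroPolicy
Get-RecentScheduledTasks -Days 7 | Sort-Object UserWritable -Descending | Format-Table -AutoSize
```

Where Security auditing is enabled, task creation is also logged as Security event ID 4698, which can be collected centrally for the same purpose.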
In February 2021, the U.S. Department of Justice (DOJ) issued a formal indictment against an agent of Lazarus connected to the Reconnaissance General Bureau (RGB), a North Korean intelligence agency. Prior to that, in March 2020, the DOJ charged two Chinese citizens with helping to launder more than $100 million in cryptocurrencies connected to Lazarus’ crimes.