Hacker Group Lazarus Uses Fake Exchanges, Telegram Groups in Latest Malware Attacks

Photo shown from: news.bitcoin.com

2020-1-11 09:39

A new report shows that the North Korea-linked Lazarus Group has adapted and evolved its techniques since its initial attacks. It now uses phony trading platforms that link to Telegram channels distributing malware, and has made its malware stealthier by “adding an authentication mechanism in the macOS,” amongst other tactics. Since the group’s infamous previous campaign, ‘Operation AppleJeus,’ victims have continued to lose bitcoin to these scams, and the report helps identify ways users can avoid falling prey to the traps.


Operation Applejeus, the Sequel

A new report from cybersecurity firm Kaspersky reveals that the infamous hacker group Lazarus, said to be linked to the Pyongyang region of North Korea and purportedly responsible for over $570 million in exchange hacks over recent years, has evolved its methods. Using phony exchange sites, Telegram groups, “homemade macOS malware” and “a multi-stage infection procedure,” the group ropes in unsuspecting victims and takes control of their machines as in the first AppleJeus campaign, but now relieves them of their bitcoins in a more complex fashion.

The report details: “While tracking this campaign, we identified more heavily deformed macOS malware. At the time, the attacker called their fake website and application JMTTrading. Other researchers and security vendors found it too, and published IoCs with abundant technical details.”

Example of a phony website front featured in the report.

Methodology and How to Stay Safe

While many of the detected scam sites and Telegram groups appear to now be inactive, Kaspersky notes: “We were able to identify several victims in this Operation AppleJeus sequel. Victims were recorded in the UK, Poland, Russia and China. Moreover, we were able to confirm that several of the victims are linked to cryptocurrency business entities.

We speculate that the actor used free web templates like this to build their fake websites. Moreover, there is a Telegram address (@cyptian) on the Cyptian website. As we mentioned previously, the actor delivered a manipulated application via Telegram messenger.”

In some instances Kaspersky suspects that the malware was delivered via a Telegram group connected to a fake website. In others, links on the fake sites are thought to be the avenue by which the adapted and more complex Mac and Windows malware enters a system. The updated means of attack appears to use multiple payloads delivered over highly customized protocols carefully designed to evade detection.

Another phony trading site.

“To attack macOS users, the Lazarus group has developed homemade macOS malware, and added an authentication mechanism to deliver the next stage payload very carefully, as well as loading the next-stage payload without touching the disk,” the report details.

“In addition, to attack Windows users, they have elaborated a multi-stage infection procedure, and significantly changed the final payload. We assess that the Lazarus group has been more careful in its attacks following the release of Operation AppleJeus and they have employed a number of methods to avoid being detected.”

Though these scam sites have been discovered, many more undoubtedly exist, and users would do well to take precautions whenever dealing with a new group. As always in the crypto space: don’t trust, verify. If a website or Telegram group seems suspicious and has a strange URL, a number of non-functional links, spelling errors, etc., it’s best not to trust it and, of course, never to download anything before doing further research.

What are your thoughts on Lazarus and the connected scams? Let us know in the comments section below.

Image credits: Shutterstock, fair use.


The post Hacker Group Lazarus Uses Fake Exchanges, Telegram Groups in Latest Malware Attacks appeared first on Bitcoin News.
