July 21, 2024
Lazarus Group's New Malware Bypasses Crypto Firms' Detection

The North Korean hacking group known as the Lazarus Group has been employing a new, highly sophisticated malware in its fake employment scams, which is proving to be much more challenging to detect than its predecessor.

ESET’s senior malware researcher, Peter Kálnai, revealed in a post on September 29 that while investigating a recent fake job attack targeting a Spain-based aerospace company, researchers discovered a previously undocumented backdoor called LightlessCan. The Lazarus Group’s fake job scam typically involves luring victims with a fake offer of employment at a reputable company and then persuading them to download a malicious payload disguised as documents.

Kálnai explained that the new LightlessCan payload represents a significant advancement over its predecessor, BlindingCan. LightlessCan mimics the functionality of various native Windows commands, executing them discreetly within the Remote Access Trojan (RAT) itself rather than through noisy console executions. This approach makes the malware considerably stealthier, both against real-time monitoring solutions such as Endpoint Detection and Response (EDR) systems and against postmortem digital forensic tools.

Furthermore, the new payload includes what Kálnai calls “execution guardrails,” ensuring that the payload can only be decrypted on the intended victim’s machine, thereby preventing unintended decryption by security researchers.

One case involving this new malware was the attack on the Spanish aerospace company: in 2022, an employee received a message from a fake Meta recruiter named Steve Dawson. The hackers then sent two simple coding challenges embedded with the malware. Kálnai noted that cyber espionage was the primary motivation behind the Lazarus Group’s attack on the aerospace firm.

Over the years, North Korean hackers have been responsible for stealing an estimated $3.5 billion from various cryptocurrency projects, as reported by blockchain forensics firm Chainalysis in a September 14 report.

In September 2022, cybersecurity firm SentinelOne warned of a fake job scam on LinkedIn, where potential victims were offered a job at Crypto.com as part of a campaign called “Operation Dream Job.”

Meanwhile, the United Nations has been working to combat North Korea’s cybercrime activities on the international stage, as it is believed that the stolen funds are used to support North Korea’s nuclear missile program.

Image by Kerfin7 on Freepik

Disclosure Statement: Miami Crypto does not take any external funding, or support to bring crypto news to the readers. We do not have any conflicts of interest while writing news stories on Miami Crypto.
