April 19, 2024
Lazarus Group's New Malware Bypasses Crypto Firms' Detection
Latest Cryptocurrency News

The North Korean hacking group known as the Lazarus Group has been employing a new, highly sophisticated malware in its fake employment scams, which is proving to be much more challenging to detect than its predecessor.

ESET’s senior malware researcher, Peter Kálnai, revealed in a post on September 29 that while investigating a recent fake job attack targeting a Spain-based aerospace company, researchers discovered a previously undocumented backdoor called LightlessCan. The Lazarus Group’s fake job scam typically involves luring victims with a fake offer of employment at a reputable company and then persuading them to download a malicious payload disguised as documents.

Kálnai explained that LightlessCan represents a significant advance over its predecessor, BlindingCan. LightlessCan reimplements the functionality of a range of native Windows commands inside the Remote Access Trojan (RAT) itself, so the operator no longer needs to spawn noisy console processes to run them. That makes the backdoor considerably stealthier: it is harder for real-time monitoring such as Endpoint Detection and Response (EDR) systems to catch, and it leaves fewer traces for postmortem digital forensic tools.
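To make the detection point concrete, here is an added example (not code from the article or from ESET) of the kind of process-creation rule an EDR uses to spot the "noisy" approach. It runs over a handful of constructed Sysmon-style Event ID 1 records: a backdoor that shells out for host discovery produces child processes such as systeminfo.exe or net.exe under an unexpected parent, which the rule flags; a backdoor that reimplements those commands in-process, as LightlessCan does, produces no such event at all, so this telemetry source simply goes quiet. The parent names, paths and command lines below are invented for illustration.

```python
import ntpath
from typing import Dict, Iterable, List, Optional

# Native Windows commands a backdoor traditionally spawns for host discovery.
DISCOVERY_BINARIES = {
    "ipconfig.exe", "systeminfo.exe", "net.exe", "net1.exe", "whoami.exe",
    "tasklist.exe", "nltest.exe", "netstat.exe", "arp.exe",
}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# Parents from which these commands are routinely launched by people or admin tooling.
EXPECTED_PARENTS = SHELLS | {"explorer.exe"}

# Constructed Sysmon-style process-creation records (Event ID 1) for this example; not real telemetry.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\ipconfig.exe", "CommandLine": "ipconfig /all"},
    {"ParentImage": r"C:\Users\jdoe\Downloads\Quiz1.exe",            # hypothetical "coding challenge" binary
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c systeminfo"},
    {"ParentImage": r"C:\Users\jdoe\Downloads\Quiz1.exe",
     "Image": r"C:\Windows\System32\net.exe", "CommandLine": "net user"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "CommandLine": "powershell.exe"},
]


def _name(image: str) -> str:
    """Lower-cased file name of a Windows image path (works on any OS via ntpath)."""
    return ntpath.basename(image).lower()


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return a reason string if the process-creation event looks like
    backdoor-driven host discovery, or None if it looks benign."""
    parent, child = _name(event["ParentImage"]), _name(event["Image"])
    tokens = event.get("CommandLine", "").lower().split()
    # Rule 1: a discovery binary launched directly by something that is not a shell or explorer.
    if child in DISCOVERY_BINARIES and parent not in EXPECTED_PARENTS:
        return f"{parent} spawned discovery binary {child}"
    # Rule 2: a shell launched by an unexpected parent with a discovery command on its command line.
    if child in SHELLS and parent not in EXPECTED_PARENTS:
        used = sorted(b for b in DISCOVERY_BINARIES if b in tokens or b[:-4] in tokens)
        if used:
            return f"{parent} spawned {child} running {', '.join(used)}"
    return None


def find_noisy_discovery(events: Iterable[Dict[str, str]]) -> List[str]:
    """Apply classify() to an event stream and return the reason for every hit."""
    return [r for r in (classify(e) for e in events) if r is not None]


if __name__ == "__main__":
    for hit in find_noisy_discovery(SAMPLE_EVENTS):
        print("ALERT:", hit)
```

Both hits here come from the hypothetical Quiz1.exe parent. The practical lesson is the inverse: once the discovery commands live inside the RAT's own code, rule 1 and rule 2 never fire, and the defender has to fall back on signals that do not depend on a child process, such as network connections, memory scanning of the injected module, or API-level telemetry.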

Furthermore, the new payload includes what Kálnai calls “execution guardrails,” ensuring that the payload can only be decrypted on the intended victim’s machine, thereby preventing unintended decryption by security researchers.
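The article does not say which attribute LightlessCan keys its decryption on, so the following is an added illustration of the general technique (environmental keying), not ESET's analysis or the actual malware's logic. It assumes a hostname-like identifier as the victim-specific value: the key is derived from that identifier, the payload is encrypted and authenticated under it, and on any other machine the authentication check fails and the payload stays opaque. The host names, payload bytes and iteration count are placeholders chosen for this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 50_000  # illustrative work factor; real tooling would choose per its own constraints


def derive_keys(machine_id: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Derive an encryption key and a MAC key from a victim-specific attribute.
    Nothing stored in the dropper is enough to reproduce them; the attribute must
    be read from the environment at run time."""
    km = hashlib.pbkdf2_hmac("sha256", machine_id.strip().lower().encode(),
                             salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream built from SHA-256 (stdlib only, so the example runs anywhere)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def wrap_payload(payload: bytes, target_machine_id: str) -> bytes:
    """Encrypt-then-MAC the payload so only a host whose identifier equals
    target_machine_id can recover it. Layout: 16-byte salt | 32-byte tag | ciphertext."""
    salt = os.urandom(16)
    enc_key, mac_key = derive_keys(target_machine_id, salt)
    ct = bytes(p ^ k for p, k in zip(payload, _keystream(enc_key, len(payload))))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + tag + ct


def unwrap_payload(blob: bytes, machine_id: str) -> Optional[bytes]:
    """Return the payload if machine_id is the intended one, otherwise None."""
    salt, tag, ct = blob[:16], blob[16:48], blob[48:]
    enc_key, mac_key = derive_keys(machine_id, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong host (or an analyst's sandbox): the guardrail holds
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, len(ct))))


def run_guardrail_demo(target: str, runtime_host: str) -> Optional[bytes]:
    """Wrap a placeholder second stage for `target` and try to open it on `runtime_host`."""
    payload = b"REM stand-in for the second stage"  # constructed placeholder, not malware
    return unwrap_payload(wrap_payload(payload, target), runtime_host)


if __name__ == "__main__":
    print(run_guardrail_demo("WS-AERO-0042", "WS-AERO-0042"))    # recovered on the intended host
    print(run_guardrail_demo("WS-AERO-0042", "analyst-sandbox"))  # None anywhere else
```

For an incident responder the caveat is the mirror image of the design: a sample pulled from a victim will not decrypt in a sandbox unless the analyst also captures the identifying value from the victim's environment (or the attribute has so little entropy, as hostnames often do, that it can be guessed offline). Collecting the host's identifiers alongside the sample is therefore part of acquisition, not an afterthought.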

In the aerospace case, the intrusion began in 2022 when an employee of the Spanish company received a message from a fake Meta recruiter using the name Steve Dawson. The attackers then sent two simple coding challenges whose files carried the malware. Kálnai assessed cyber espionage, not theft, as the primary motivation behind the Lazarus Group’s attack on the firm.

Over the years, North Korean hackers have been responsible for stealing an estimated $3.5 billion from various cryptocurrency projects, as reported by blockchain forensics firm Chainalysis in a September 14 report.

In September 2022, cybersecurity firm SentinelOne warned of a fake job scam on LinkedIn, where potential victims were offered a job at Crypto.com as part of a campaign called “Operation Dream Job.”

Meanwhile, the United Nations has been working to counter North Korea’s cybercrime on the international stage, as the stolen funds are believed to finance North Korea’s nuclear and ballistic missile programs.

Image by Kerfin7 on Freepik