Notorious Hacker Lazarus Hunting For Victims
Notorious crypto hackers, Lazarus Group, are once again back and actively carrying out their nefarious designs against crypto-interested people.
Now the criminal organization is hell-bent on victimizing people by luring them into their traps for stealing their crypto funds.
Their criminal activities have been identified by a cyber-security firm called "Volexity", which is based in Washington D.C., USA.
The cybersecurity firm has alleged that Lazarus Group is actively involved in using fake websites for breaching others' networks.
By breaching the networks and making them hostages, the criminal organization then steals crypto funds and data from third parties.
Beware of "AppleJeus" Malware
An article published on 1st December suggested that Lazarus has obtained a domain for launching a phony website known as "bloxholder.com".
It is rumored that this website would be used by Lazarus to offer services including automated digital currency trading.
The article further suggested that the phony website would be a trap where victims would be convinced to download a particular app.
The downloaded app, according to the article, is not a legitimate app but in fact notorious malware that is widely known as "AppleJeus".
Volexity has confirmed that the AppleJeus malware has been further modified by the criminal organization to make it more lethal.
Through this malware, Lazarus aims to steal victims' private keys and other crucial data from the systems the victims use.
Modified Version of Malware
According to Volexity, Lazarus hasn't brought any prominent change to the malware's functionality and design. What makes AppleJeus's modified version different is that it cannot be detected so easily.
It has been modified to the extent that it frustrates and slows down security protocols so as to buy extra time. So by the time the malware is detected, it is already too late.
The security firm has also taken notice that the hacking organization has altered its technique two months ago in October.
Malware Hiding behind "Macros"
Through the alteration, they have been using Office spreadsheets that contain "macros". Within the macros, they have been hiding the AppleJeus malware, which then sneaks into the system and does its job.
For instance, the documents come with several names, one of them being "OKX Binance & Huobi VIP fee comparison.xls".
This document claims to introduce VIP benefits to users of these globally renowned crypto trading platforms named in the spreadsheet.
If a person allows this document to run, then without their knowledge they would be compromising their sensitive data and information.
However, the attempt can be prevented if macro execution is disabled. Also, to avoid the attack, it is recommended to keep a close eye on the computer's OS.
This monitoring should be done to ensure that there are no unidentified or unauthorized tasks that may be running in the background.
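One way to check and enforce the macro-blocking mitigation just described, and to spot background tasks spawned by an Office application, as an added example that is not part of the article or of Volexity's report; it assumes an Office 2016/2019/365 install (policy path "16.0") and audits the per-user policy hive, with -Enforce needing write access to HKCU:

```powershell
# Added example (not from the article): audit, and optionally enforce, the
# per-user Office macro policy, then list processes whose parent is an Office app.
# Assumptions: Office policy path "16.0"; run as the user whose settings are audited.
param([switch]$Enforce)

$apps = 'Excel', 'Word', 'PowerPoint'
$meaning = @{
    1 = 'Enable all macros (unsafe)'
    2 = 'Disable with notification (user can still click Enable)'
    3 = 'Disable except digitally signed macros'
    4 = 'Disable all macros without notification (blocked)'
}

foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    if ($Enforce) {
        New-Item -Path $key -Force | Out-Null
        # VBAWarnings=4 blocks every macro; the second value also blocks macros in
        # files carrying the Mark of the Web (downloads, mail attachments).
        Set-ItemProperty -Path $key -Name VBAWarnings -Value 4 -Type DWord
        Set-ItemProperty -Path $key -Name BlockContentExecutionFromInternet -Value 1 -Type DWord
    }
    $v    = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    $motw = (Get-ItemProperty -Path $key -Name BlockContentExecutionFromInternet -ErrorAction SilentlyContinue).BlockContentExecutionFromInternet
    $state = if ($null -eq $v) { 'not set by policy (application default applies)' } else { $meaning[[int]$v] }
    "{0,-10} VBAWarnings={1} ({2}); BlockContentExecutionFromInternet={3}" -f $app, $v, $state, $motw
}

# A spreadsheet should not normally spawn shells, script hosts or installers,
# so any child process of an Office application listed here deserves a look.
$office  = @('EXCEL.EXE', 'WINWORD.EXE', 'POWERPNT.EXE')
$procs   = Get-CimInstance Win32_Process
$parents = $procs | Where-Object { $office -contains $_.Name }
foreach ($p in $parents) {
    $procs | Where-Object { $_.ParentProcessId -eq $p.ProcessId } | ForEach-Object {
        "{0} (PID {1}) spawned {2} (PID {3}): {4}" -f $p.Name, $p.ProcessId, $_.Name, $_.ProcessId, $_.CommandLine
    }
}
```

Machine-wide enforcement uses the same values under HKLM:\Software\Policies\... (typically pushed by Group Policy), which overrides the per-user settings shown here.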
Lazarus Impleaded In US Court Proceedings
Last year in February, Lazarus was impleaded in a case lodged against it by the Department of Justice (DOJ), USA.
Lazarus was accused of spying on behalf of an intelligence organization working under North Korea.
Similarly, in 2020, another case was initiated by DOJ against two Chinese nationals. The accused were alleged to have been linked with the criminal organization.
According to DOJ, the accused Chinese nationals helped the criminal organization siphon off funds to the tune of $100 Million.
The Lazarus Group is reportedly based in North Korea and has become extremely notorious for its involvement in multiple hacks.
The group has carried out multiple hack attacks and has been going after crypto firms from all over the world.
The group has stolen many millions from different cryptocurrency and semi-government firms worldwide.
It is also known for stealing information from people in the United States and sharing it with intelligence agencies in North Korea.
According to the US authorities, North Korea is backing Lazarus.