• Thu. Dec 26th, 2024

Notorious Lazarus Group Accused Of Launching New Crypto Fraud Scheme

Avatar

By

Dec 11, 2022

Notorious Hacker Lazarus Hunting For Victims

Notorious crypto hackers, Lazarus Group, are once again back and actively carrying out their nefarious designs against crypto-interested people.

Now the criminal organization is hell-bent on victimizing people by luring them into their traps for stealing their crypto funds.

Their criminal activities have been identified by a cyber-security firm called ‘Volexity’, which is based in Washington D.C., USA.

The cybersecurity firm has alleged that Lazarus Group is actively involved in using fake websites for breaching others’ networks.

By breaching the networks and making them hostages, the criminal organization then steals crypto funds and data from third parties.

Beware of ‘Applejeus’ Malware

An article published on 1st December suggested that Lazarus has obtained a domain for launching a phony website known as ‘bloxholder.com’.

It is rumored that this website would be used by Lazarus for offering services including automated digital currency trading services.

The article further suggested that the phony website would be a trap where victims would be convinced in downloading a particular app.

The downloaded app, according to the article, is no app but in fact, a notorious malware that is widely known as ‘Applejeus’.

Volexity has confirmed that Applejeus malware has been further modified by the criminal organization for making it more lethal.

Through this malware, Lazarus aims at attacking victims’ private keys and other crucial data from the systems victims would be using.

Modified Version of Malware

According to Volexity, Lazarus hasn’t brought any prominent change in the malware’s functionality and design. What makes Applejeus’s modified version different is that it cannot be detected so easily.

It has been modified to the extent that it frustrates and slows down security protocols so as to buy extra time. So by the time, the malware is detected, it is already too late.

The security firm has also taken notice that the hacking organization has altered its technique two months ago in October.

Malware Hiding behind ‘Macros’

Through the alteration, they have been using Office spreadsheets which comprise ‘macros’. Within macros, they have been hiding Applejeus malware which then sneaks into the system and does its job.

For instance, the documents come with several names and one of them being “OKX Binance & Huobi VIP fee comparison.xls”.

This document claims to introduce VIP benefits to users of these globally renowned crypto trading platforms named in the spreadsheet.

If a person allows this document, then without their knowledge, they would be compromising their sensitive data and information.

However, the attempt can be prevented if macros execution is disabled. Also to avoid the attack, it is recommended to keep a close eye on the computer’s OS.

This monitoring should be done to ensure that there are no unidentified or unauthorized tasks that may be running in the background.

Lazarus Impleaded In US Court Proceedings

Last year in February, Lazarus was impleaded in a case lodged against it by the Department of Justice (DOJ), USA.

Lazarus was accused of spying on behalf of an intelligence organization working under North Korea.

Similarly, in 2020, another case was initiated by DOJ against two Chinese nationals. The accused were alleged to have been linked with the criminal organization.

According to DOJ, the accused Chinese nationals helped the criminal organization siphon off funds to the tune of $100 Million.

The Lazarus Group is reportedly from North Korea that has become extremely notorious for being involved in multiple hacks.

The group has been involved in multiple hack attacks and it has been going after multiple crypto firms from all over the world.

The group has stolen millions and millions from different cryptocurrency and semi-government firms from all over the world.

It is also known for stealing information from people from the United States and sharing it with intelligence agencies in North Korea.

According to the US authorities, North Korea is backing up Lazarus from their end.

Avatar

Leave a Reply

Your email address will not be published. Required fields are marked *