Lazarus malware tricking crypto traders with malicious software

Lazarus, the North Korean hacking operation, has been evolving with new attack vectors and trojan crypto software, according to new research from Kaspersky Labs.

The report states that Lazarus has successfully compromised a series of banks, global cryptocurrency exchanges and fintech companies over the last few months – many with the previously used malware tool Fallchill.

The hackers have also reportedly developed malware for other platforms, including macOS.

“The Lazarus APT group’s continuous attacks on the financial sector are not much of a surprise to anyone,” the research concludes. “A lot of research has been done and published about such attacks. However, we think this case makes a difference. Recent investigation shows how aggressive the group is and how its strategies may evolve in the future.

“This should be a lesson to all of us and a wake-up call to businesses relying on third-party software. Do not automatically trust the code running on your systems. Neither good looking website, nor solid company profile nor the digital certificates guarantee the absence of backdoors. Trust has to be earned and proven. Stay safe!”

Kaspersky aren’t the only security firm tracking Lazarus closely, with McAfee reporting in February that it has discovered a new phishing campaign – HaoBao – thought to be the work of the same cybercrime group.

“In this latest discovery by McAfee ATR, despite a short pause in similar operations, the Lazarus group targets crypto currency and financial organisations,” the company said. “Furthermore, we have observed an increased usage of limited data gathering modules to quickly identify targets for further attacks.

“This campaign is tailored to identifying those who are running Bitcoin related software through specific system scans.”