While countless hackers are active in the crypto market, one of the more notorious names is the Lazarus Group, a hacking organization based in North Korea.
The group has long been known for its criminal activity in the crypto space and has recently been linked to a new scheme.
This one aims to breach systems in order to steal crypto from third parties. AppleJeus is an existing piece of malware, and the new scheme uses a modified version of it to carry out the attack.
The malware can be delivered through documents, or even through a crypto website, to gain access to systems and steal crypto.
Modified malware
Volexity, a cybersecurity firm based in Washington D.C., discovered that the North Korean hacking group known as Lazarus is behind this latest attack scheme.
The US government has already sanctioned the group, which is now using a crypto website to infect systems in order to steal crypto as well as information from third parties.
On December 1st, Volexity published a blog post revealing that Lazarus had registered a domain name, bloxholder.com.
The site was set up to look like a business offering automated crypto trading services to clients. Lazarus used the website as a front and asked visitors to download an app.
That app served as the payload for delivering the AppleJeus malware, which compromises the user's system and steals sensitive data and private keys.
Lazarus has used a similar strategy before. The new scheme is slightly different, however, in that it slows down and complicates malware detection.
Method change
Another important finding from Volexity is that the technique used to deliver the malware to end users has changed.
The new method relies on Office documents, specifically a spreadsheet containing macros, small programs embedded in the document itself.
The macro is what installs the AppleJeus malware on the user's system. The document is presented as a VIP fee comparison for Huobi, Binance and OKX.
It describes the tiered VIP programs operated by these crypto exchanges.
The action
No one wants to fall victim to this scheme, and the recommendation for avoiding it was to block the execution of macros in documents.
Users were also advised to monitor and scrutinize any new tasks created in the operating system, so that unfamiliar tasks running in the background do not go unnoticed.
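As an added example, not part of Volexity's report or of the original article, the following PowerShell script puts the second recommendation into practice: it lists scheduled tasks registered within a chosen number of days and flags any whose action runs from a user-writable location, which is where a payload dropped by a document macro would typically live. It assumes Windows 10 / Server 2016 or later and the built-in ScheduledTasks module.

```powershell
# Added example (not from the article): audit scheduled tasks for recent registration
# or for executables launched from user-writable paths. Run as administrator to see
# tasks registered by other users.
param([int]$Days = 7)

$cutoff = (Get-Date).AddDays(-$Days)
# Directories an unprivileged user can write to; tasks launching from here deserve a second look.
$userWritable = @($env:USERPROFILE, $env:ProgramData, $env:PUBLIC, $env:TEMP) | Where-Object { $_ }

Get-ScheduledTask | ForEach-Object {
    $task = $_
    # The exported task XML carries the registration timestamp and author,
    # which Get-ScheduledTask does not expose directly.
    $xml = [xml](Export-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath)
    $regDate = $xml.Task.RegistrationInfo.Date
    $registered = if ($regDate) { [datetime]$regDate } else { $null }
    $isNew = $registered -and ($registered -gt $cutoff)

    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # skip COM-handler actions with no executable
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        $fromUserPath = @($userWritable | Where-Object { $exe.StartsWith($_, 'OrdinalIgnoreCase') }).Count -gt 0

        if ($isNew -or $fromUserPath) {
            [pscustomobject]@{
                Task       = $task.TaskPath + $task.TaskName
                Registered = $registered
                Author     = $xml.Task.RegistrationInfo.Author
                Execute    = $exe
                Arguments  = $action.Arguments
                Flag       = if ($isNew -and $fromUserPath) { 'new+userpath' }
                             elseif ($isNew) { 'new' } else { 'userpath' }
            }
        }
    }
} | Sort-Object Registered -Descending | Format-Table -AutoSize
```

Legitimate software also registers tasks, so the output is a review list rather than a verdict; a task that is both newly registered and launched from a profile or ProgramData directory is the combination worth investigating first.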
It should be noted, however, that Volexity did not say how widespread this new scheme is. The US Department of Justice formally indicted Lazarus in February last year.
In March 2020, the Department of Justice also indicted two Chinese nationals for helping launder crypto worth $100 million that had been linked to some of the group's exploits.