North Korean hackers have unleashed a new malware variant dubbed “Durian” to target South Korean cryptocurrency companies.
According to a May 9 report from cybersecurity firm Kaspersky, the North Korean hacking group Kimsuky deployed this malware in targeted assaults on at least two cryptocurrency firms.
These attacks exploited legitimate security software used exclusively by South Korean crypto companies. The previously undisclosed Durian malware acts as an installer that drops further tooling, including a backdoor named “AppleSeed,” a custom proxy tool called LazyLoad, and legitimate programs such as Chrome Remote Desktop.
“Durian features extensive backdoor capabilities, allowing the execution of received commands, additional file downloads, and the exfiltration of files,” Kaspersky noted.
Furthermore, the cybersecurity company found that LazyLoad was also employed by Andariel, a subgroup within the well-known North Korean hacking consortium Lazarus Group, suggesting a “tentative” connection between Kimsuky and the more notorious hacking entity.
Emerging in 2009, Lazarus has earned infamy as one of the most prominent cryptocurrency hacking groups.
On April 29, ZachXBT, an independent blockchain investigator, revealed that the Lazarus outfit had successfully laundered over $200 million in illicitly obtained cryptocurrency from 2020 to 2023.
In May, a report from the United Nations Security Council pointed to North Korea’s escalating involvement in cyberattacks, which account for nearly half of the country’s foreign currency revenue. While investigations continue, the Lazarus Group is suspected of stealing over $3 billion in cryptocurrency assets over a six-year period ending in 2023.
Lazarus was accused of siphoning off more than 17% (around $300 million) of all funds stolen in 2023. According to an analysis released by Immunefi on December 28, cyberattacks and exploits led to losses exceeding $1.8 billion in cryptocurrency in 2023.
The infamous Lazarus Group is known to rely heavily on crypto mixers to obscure the origins of stolen funds. Amid concerns about laundering via privacy protocols, Railgun, a popular protocol, has denied allegations that it has been used by North Korean hackers or sanctioned individuals.
These revelations surfaced following a January 2023 statement from the FBI, suggesting that North Korea’s Lazarus Group had laundered over $60 million in Ethereum through Railgun following a cyberattack in June 2022.
With the U.S. sanctions imposed on prominent crypto mixer Tornado Cash, speculation arose about Railgun emerging as a favored alternative for such activities.
Summary Review: The emergence of the “Durian” malware by North Korean hackers targeting South Korean cryptocurrency firms, as confirmed by Kaspersky, underscores the persistent threat posed by cybercriminals in the crypto space. The use of sophisticated malware and the exploitation of legitimate security software highlight the evolving tactics employed by malicious actors to infiltrate and compromise crypto companies. Moreover, the reported connections between Kimsuky and the infamous Lazarus group raise concerns about the extent of cybercrime networks operating globally. As investigations into these attacks continue, it is imperative for cryptocurrency companies to remain vigilant and implement robust security measures to safeguard their assets and customers’ information. Additionally, regulatory bodies and law enforcement agencies must collaborate closely to combat cyber threats effectively and protect the integrity of the cryptocurrency ecosystem.
Disclaimer: Remember that nothing in this article, nor anything published under the responsibility of Web30 News, should be interpreted as financial advice. The information provided is for entertainment and educational purposes only. Investing in cryptocurrency involves inherent risks, and potential investors should be aware that capital is at risk and returns are never guaranteed. It is imperative that you conduct thorough research and consult a qualified financial advisor before making any investment decision.