Image Courtesy: The Hacker News
The Lazarus Gang, a North Korean state-backed hacker group, has been linked to yet another financially motivated effort that distributes a fully featured backdoor onto compromised Windows systems via a trojanized decentralised finance (DeFi) wallet programme.
The programme, which contains functionality for saving and managing a cryptocurrency wallet, is also designed to launch the implant, which has the ability to seize control of the infected host. According to Russian cybersecurity firm Kaspersky, the malicious application was found in mid-December 2021.
In order to hide its tracks, the app-initiated infection strategy also deploys an installer for a legitimate application, which is overwritten with a trojanized version. The initial access vector, however, is unknown, though it is suspected to be an instance of social engineering.
The resulting malware then runs a DeFiChain wallet app while also connecting to a remote attacker-controlled domain and waiting for further instructions from the server.
Image Courtesy: The Hacker News
Based on the response from the command-and-control (C2) server, the trojan then executes a number of operations, giving it the ability to collect system information, enumerate and terminate processes, delete files, create new processes, and save arbitrary files on the machine.
This campaign's C2 infrastructure consisted entirely of previously compromised web servers in South Korea, prompting the cybersecurity firm to work with the country's computer emergency response team (KrCERT) to decommission the servers.
More than two months ago, Kaspersky published details of a similar "SnatchCrypto" effort conducted by the Lazarus sub-group known as BlueNoroff to steal digital cash from victims' MetaMask wallets.
"One of the key motives for the Lazarus threat actor is financial gain, with a special concentration on the bitcoin business. As the price of bitcoin climbs and the popularity of non-fungible token (NFT) and decentralised finance (DeFi) firms grow, the Lazarus group's focus on the financial industry evolves," according to the researchers at Kaspersky GReAT.