According to a recent report by cybersecurity firm Group-IB, the Lazarus Group, a North Korean hacker organization, escalated its cyber attacks on the cryptocurrency market in September 2024 by introducing new malware strains that target browser extensions and video conferencing applications.
The report delineates the group’s expansion of its focus to encompass these platforms, utilizing increasingly sophisticated malware variants.
The Lazarus Group has expanded its attacks to include fake videoconferencing apps and the ‘Contagious Interview’ campaign, which deceived job seekers into downloading malware disguised as job-related tasks.
This scheme has since expanded to encompass a fraudulent video conferencing application called “FCC Call,” which imitates legitimate software.
Upon installation, the application deploys the BeaverTail malware, which extracts data from cryptocurrency wallet browser extensions and steals credentials stored in browsers.
It then installs a Python-based Trojan, “InvisibleFerret,” which further compromises the victim’s system.
This most recent campaign underscores their growing emphasis on browser extensions for crypto wallets, particularly on MetaMask, Coinbase, BNB Chain Wallet, TON Wallet, and Exodus Web3.
According to analysts at Group-IB, the group is currently focusing on a diverse array of applications, such as MetaMask and Coinbase.
Using malicious JavaScript, they deceive victims into downloading software under the guise of reviews or analysis assignments.
As part of the group’s evolving arsenal, researchers from Group-IB have identified a new suite of Python scripts called “CivetQ.”
These scripts suggest a change in strategy to target blockchain professionals through job search platforms such as Upwork, Moonlight, and WWR.
The hackers typically move the conversation to Telegram after initiating contact. They then deceive victims into downloading a fake videoconferencing application or a Node.js project, claiming it is required for a technical job interview.
The Recent Exploitation of Microsoft Windows Vulnerabilities and the Growing Threat to Cryptocurrency from Lazarus Group
The group has enhanced its techniques to conceal the malicious code of detrimental software in more advanced and innovative ways, thereby making it more difficult to detect.
This escalation is consistent with the Federal Bureau of Investigation’s (FBI) recent warning that North Korean hackers are conducting highly specialized social engineering campaigns to target decentralized finance and cryptocurrency employees.
These campaigns are engineered to infiltrate even the most secure systems, presenting an ongoing threat to organizations with substantial crypto assets.
In a related development, Lazarus Group is purportedly responsible for exploiting a zero-day vulnerability in Microsoft Windows.
The Windows Ancillary Function Driver (AFD.sys) for WinSock contained a privilege escalation flaw, identified as CVE-2024-38193 (CVSS score: 7.8).
The flaw, which allowed attackers to gain access to restricted parts of a system without being detected, was discovered by two researchers, Luigino Camastra and Milánek.
In September 2024, Microsoft resolved the vulnerability as part of its monthly Patch Tuesday update.