Lazarus Group Hacks Crypto Users with Browser Extension

According to a recent report by cybersecurity firm Group-IB, the Lazarus Group, a North Korean hacker organization, escalated its cyber attacks on the cryptocurrency market in September 2024 by introducing new malware strains that target browser extensions and video conferencing applications.

The report delineates the group’s expansion of its focus to encompass these platforms, utilizing increasingly sophisticated malware variants.

Browser Extension Attacks by Lazarus Group

The Lazarus Group has expanded its attacks to include fake videoconferencing apps and the ‘Contagious Interview’ campaign, which deceives job seekers into downloading malware disguised as job-related tasks.

This scheme has since expanded to encompass a fraudulent video conferencing application called “FCC Call,” which imitates legitimate software.

Once installed, the application deploys the BeaverTail malware, which is designed to steal cryptocurrency wallet data and browser-stored credentials, with a particular focus on wallet browser extensions.

It then installs a Python-based Trojan, “InvisibleFerret,” which further compromises the victim’s system.

This most recent campaign underscores the group’s growing emphasis on browser extensions for crypto wallets, particularly MetaMask, Coinbase, BNB Chain Wallet, TON Wallet, and Exodus Web3.

According to analysts at Group-IB, the group is currently focusing on a diverse array of applications, such as MetaMask and Coinbase.

They deceive victims into downloading malicious JavaScript-based software under the guise of code review or analysis assignments.

As part of the group’s evolving arsenal, researchers from Group-IB have identified a new suite of Python scripts called “CivetQ.”

These scripts suggest a change in strategy to target blockchain professionals through job search platforms such as Upwork, Moonlight, and WWR.

The hackers typically transition the conversation to Telegram after initiating communication. They deceive victims into obtaining a phony videoconferencing application or a Node.js project, claiming it is necessary for a technical job interview.

The Recent Exploitation of Microsoft Windows Vulnerabilities and the Growing Threat to Cryptocurrency from Lazarus Group

The group has refined its techniques for concealing malicious code, using more advanced and innovative methods that make its malware harder to detect.

This escalation is consistent with the Federal Bureau of Investigation’s (FBI) recent warning that North Korean hackers are conducting highly specialized social engineering campaigns to target decentralized finance and cryptocurrency employees.

These campaigns are engineered to infiltrate even the most secure systems, presenting an ongoing threat to organizations with substantial crypto assets.

In a related development, Lazarus Group is purportedly responsible for exploiting a zero-day vulnerability in Microsoft Windows.

The Windows Ancillary Function Driver (AFD.sys) for WinSock contained a privilege escalation flaw, identified as CVE-2024-38193 (CVSS score: 7.8).

The flaw, which allowed attackers to gain access to restricted parts of a system without being detected, was discovered by two researchers, Luigino Camastra and Milánek.

In September 2024, Microsoft resolved the vulnerability as part of its monthly Patch Tuesday update.

King David

David is a writer and digital marketer with a History degree. Formerly a Shill Angel at Aex Global Exchange. Currently thriving as a Cloud and AI Engineer, David is also passionate about Blockchain and Web3 technologies. Through his writing, he seeks to educate and inspire, sharing insights on the intersection of AI, Web3, and Blockchain Technology.
