
Lazarus Group Hacks Crypto Users with Browser Extension

According to a recent report by cybersecurity firm Group-IB, the Lazarus Group, a North Korean hacker organization, escalated its cyber attacks on the cryptocurrency market in September 2024 by introducing new malware strains that target browser extensions and video conferencing applications.

The report delineates the group’s expansion of its focus to encompass these platforms, utilizing increasingly sophisticated malware variants.

Browser Extension Attacks by Lazarus Group

The Lazarus Group has expanded its attacks to include fake videoconferencing apps and the ‘Contagious Interview’ campaign, which deceived job seekers into downloading malware disguised as job-related duties.

This scheme has since expanded to encompass a fraudulent video conferencing application called “FCC Call,” which imitates legitimate software.

The BeaverTail malware is deployed by the application upon installation. This malware is intended to extract data from cryptocurrency wallets and credentials from browsers through browser extensions.

It then installs a Python-based Trojan, “InvisibleFerret,” which further compromises the victim’s system.

This most recent campaign underscores their growing emphasis on browser extensions for crypto wallets, particularly on MetaMask, Coinbase, BNB Chain Wallet, TON Wallet, and Exodus Web3.

According to analysts at Group-IB, the group is currently focusing on a diverse array of applications, such as MetaMask and Coinbase.

Using malicious JavaScript, they deceive victims into downloading software under the guise of reviews or analysis assignments.

As part of the group’s evolving arsenal, researchers from Group-IB have identified a new suite of Python scripts called “CivetQ.”

These scripts suggest a change in strategy to target blockchain professionals through job search platforms such as Upwork, Moonlight, and WWR.

The hackers typically transition the conversation to Telegram after initiating communication. They deceive victims into obtaining a phony videoconferencing application or a Node.js project, claiming it is necessary for a technical job interview.
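A defender-side check for the Node.js lure described above, as an added example that is not from the article or the Group-IB report: it statically lists install-time scripts and signs of obfuscation in a received project before anything is run. The function names, thresholds, heuristics and sample files are assumptions of this example, not indicators published for this campaign.

```javascript
// Static triage of an untrusted Node.js project; nothing in it is executed.
const AUTO_RUN = ["preinstall", "install", "postinstall", "prepare"]; // run by `npm install`
const MAX_LINE = 1000; // assumed threshold for "too long to be hand-written"
const JS_FILE = /\.(c|m)?js$/;
const RISKY = /\beval\s*\(|new\s+Function\s*\(|child_process/; // assumed heuristics

// files: { relativePath: content }. Returns a list of findings.
function triageProject(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    if (/(^|[\\/])package\.json$/.test(file)) {
      let scripts = {};
      try { scripts = JSON.parse(text).scripts || {}; }
      catch { findings.push({ file, issue: "unparseable package.json" }); }
      for (const hook of AUTO_RUN) {
        if (scripts[hook]) findings.push({ file, issue: `auto-run script: ${hook}`, detail: scripts[hook] });
      }
    } else if (JS_FILE.test(file)) {
      const longest = text.split("\n").reduce((m, l) => Math.max(m, l.length), 0);
      if (longest > MAX_LINE) findings.push({ file, issue: "very long line (possible obfuscation)", detail: longest });
      if (RISKY.test(text)) findings.push({ file, issue: "dynamic code execution or process spawning" });
    }
  }
  return findings;
}

// Read package.json and JavaScript sources from disk, skipping node_modules.
async function loadProject(dir) {
  const fs = await import("node:fs");
  const path = await import("node:path");
  const out = {};
  const walk = (d) => {
    for (const e of fs.readdirSync(d, { withFileTypes: true })) {
      const p = path.join(d, e.name);
      if (e.isDirectory()) { if (e.name !== "node_modules") walk(p); }
      else if (e.name === "package.json" || JS_FILE.test(e.name)) out[path.relative(dir, p)] = fs.readFileSync(p, "utf8");
    }
  };
  walk(dir);
  return out;
}

// Constructed sample project (not taken from the report).
const SAMPLE = {
  "package.json": JSON.stringify({ name: "interview-task", scripts: { postinstall: "node server/setup.js", test: "jest" } }),
  "server/setup.js": "const x = '" + "a".repeat(2000) + "'; eval(x);",
  "src/index.js": "module.exports = (a, b) => a + b;\n",
};
console.log(triageProject(SAMPLE));
```

For a real checkout, `loadProject(dir).then(triageProject)` feeds the same function from disk; a clean result is not proof of safety, so untrusted projects still belong in a disposable VM.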

Lazarus Group’s Growing Threat to Crypto and Recent Exploitation of Microsoft Windows Vulnerabilities

The group has refined its techniques for concealing the malicious code in its software in more advanced and innovative ways, making it more difficult to detect.

This escalation is consistent with the Federal Bureau of Investigation’s (FBI) recent warning that North Korean hackers are conducting highly specialized social engineering campaigns to target decentralized finance and cryptocurrency employees.

These campaigns are engineered to infiltrate even the most secure systems, presenting an ongoing threat to organizations with substantial crypto assets.

In a related development, Lazarus Group is purportedly responsible for exploiting a zero-day vulnerability in Microsoft Windows.

The Windows Ancillary Function Driver (AFD.sys) for WinSock contained a privilege escalation flaw, identified as CVE-2024-38193 (CVSS score: 7.8).

The vulnerability, which enabled attackers to access restricted areas of computer systems without being detected, was discovered by two researchers, Luigino Camastra and Milánek.

In September 2024, Microsoft resolved the vulnerability as part of its monthly Patch Tuesday update.

King David
