Business 10 months ago

Admin

Cybertheft gang “Lazarus” is at it again: cryptocurrency users and global banks are at risk

McAfee has discovered a new, more sophisticated strain of malware that seeks out cryptocurrency activity.

McAfee Advanced Threat Research (McAfee ATR) has posted that a new, more sophisticated strain of malware has been discovered. This time the malware is far more patient, and far more deadly. And this time it’s looking for bigger fish to catch: Bitcoin users and global banks. It scans for Bitcoin activity and implants itself for long-term data gathering.

According to McAfee ATR, the malware comes from the Lazarus Group, the same notorious cybertheft gang known for the infamous WannaCry ransomware, which freezes a user’s computer and threatens to either wipe out its contents or disperse incriminating or humiliating files from the computer unless the owner pays a hefty ransom, usually in bitcoin. The group is also believed to be behind several big-time cryptoheists, as well as multimillion-dollar cyberheists instigated against Southeast Asian and European banks.

McAfee ATR says that this new malware is a descendant of last month’s phishing email campaign, where a seemingly innocuous Word document containing details of a fake job recruitment is circulated in an attempt to trick users into opening the document.

The malicious document tricks users into enabling content by saying the document was made using an earlier version of MS Word, which then unleashes the malware into the victim’s computer.

The new malware, called HaoBao, seems to be taking cryptocurrency crime to unprecedented sophistication, however: its implant is a new breed that was not present in previous Lazarus campaigns.

“McAfee ATR analysis finds the dropped implants have never been seen before in the wild and have not been used in previous Lazarus campaigns from 2017,” Ryan Sherstobitoff wrote for McAfee ATR. “Furthermore, this campaign deploys a one-time data gathering implant that relies upon downloading a second stage to gain persistence. The implants contain a hardcoded word “haobao” that is used as a switch when executing from the Visual Basic macro.”

How the Haobao works. Source: McAfee

Despite being only a few years old (as far as we know), the Lazarus Group has been rapidly adding several infamously devastating cyber attacks to their portfolio. Global cybersecurity company Kaspersky Lab has been hunting down Lazarus over the past years since their presence came to light in 2016—they attempted to rob $851 million and managed to run off with $81 million. Kaspersky Lab has been monitoring their modus operandi, and says over 150 malware samples have been attributed to the notorious gang.
