Lazarus hackers hiding behind fake crypto firm, again

Getting your Trinity Audio player ready...

North Korea’s infamous cybercrime syndicate Lazarus is at it again, targeting MacOS users this time. The hacking unit has been known to develop very creative attacks, but this time, it’s relying on an old trick with a few modifications. According to security researchers, the hackers are hiding behind a fake cryptocurrency firm to disarm their victims and gain access into their systems.

Lazarus has been known to be behind some of the biggest attacks in the past year, especially in the crypto community. This time, the hackers created a fake company by the name JMT Trading, even developing a legit-looking website. As revealed by security expert Jamf Wardle in a blog post, the hackers then developed an open source crypto trading application, putting the code on GitHub.

However, hidden deep inside that code was malware that once downloaded, gave the hackers unrestricted access to the victim’s machine.

To ensure the efficiency of the attack, the hackers targeted employees working for crypto exchanges or other trading platforms. They would send them the link to the code and ask them to try the app and review it. Once the targeted victim downloaded the code, the hackers would then get to infiltrate the system and execute the attack.

Ingenious as the attack is, it’s nothing new but rather, a rehash of a similar attack the group executed in 2018. In that attack, the hackers also created a fake company, Celas Limited which purported to engage in crypto trading. However, just like with the latest attack Celas Limited’s code contained malware that also gave access to the hackers.

Should you be worried about being the target of such an attack? Wardle thinks not, stating “Do you have to worry about getting infected? Probably not, unless you’re an employee working at a crypto-currency exchange.”

As CoinGeek revealed earlier this year, Lazarus is still very active, with crypto businesses still being its favorite targets. According to various reports, the group made billions of dollars in 2018 from hacking, being responsible for over 65% of all the attacks in the crypto industry.

A report by Kaspersky Labs best summarized it by stating, “If you’re part of the booming cryptocurrency or technological startup industry, exercise extra caution when dealing with new third parties or installing software on your systems. It’s best to check new software with an antivirus or at least use popular free virus-scanning services such as VirusTotal.”