North Korean hacking outfit Lazarus is now targeting cryptocurrency exchanges.

Information security firm Kaspersky Labs has discovered that the group is exploring new attack vectors and trojanizing cryptocurrency software.

Kaspersky Labs has been tracking Lazarus for over a year.

North Korean hackers are targeting cryptocurrency traders with fake software

Now, Lazarus is tricking unsuspecting users into downloading cryptocurrency-related software laced with malware.

Its primary function is to load the malware suite FallChill onto machines while opening a series of backdoors.

Computers infected with FallChill can be controlled remotely and should be considered completely compromised.


The use of such malware has become the calling card of Lazarus.

It should be noted that US-CERT claims the North Korean government has used FallChill against political enemies extensively in the past.

US-CERT has another name for the crew, HIDDEN COBRA, which it uses rather than Lazarus.


Until quite recently, hackers have been content with targeting Windows-based machines.

Lazarus is looking to exploit this complacency by distributing malware for macOS and soon Linux.


Kaspersky's research warns that this should be a wake-up call for users of non-Windows platforms.

On the surface, Celas Trade Pro really does appear to be kosher.

It certainly looks like an all-in-one cryptocurrency trading tool, an interface for making trades and reading market data.


What's interesting here is that this doesn't appear to be an attempt to steal cryptocurrency directly.

Instead, the hackers appear to be looking to disrupt supply chains and businesses in any way they can.

Or in this case, by leveraging the increased popularity of cryptocurrency trading.

Kaspersky isn't sure which came first: Celas Limited, which released Celas Trade Pro, or the hackers.

Kaspersky further points out that the headquarters of Celas Limited is really just a ramen shop in Chicago.

This should be a lesson to all of us and a wake-up call to businesses relying on third-party software.

"Do not automatically trust the code running on your systems," Kaspersky warns in its conclusion.

Neither good-looking website, nor solid company profile nor the digital certificates guarantee the absence of backdoors.

Trust has to be earned and proven.
