The Lazarus threat group has launched a new campaign against organizations in the cryptocurrency and blockchain industries. The attackers use trojanized cryptocurrency applications, backed by social engineering, to lure employees into downloading and running malicious Windows and macOS apps.
Once run, the trojanized apps give the attackers a foothold on the victim's machine, which they use to deploy additional malware and steal private keys. With the keys in hand, the Lazarus operators initiate fraudulent transactions and drain the victims' wallets. CISA, the FBI and the US Treasury Department have released a joint alert warning potential targets of the risks and highlighting the threat of cryptocurrency theft. Lazarus is a North Korean state-sponsored advanced persistent threat (APT) group, also tracked as APT38, BlueNoroff and Stardust Chollima, the alert said.
How Are the Lazarus Phishing Attacks Initiated?
According to the joint alert, "intrusions begin with a large number of spearphishing messages sent to employees of cryptocurrency companies—often working in system administration or software development/IT operations (DevOps)—on a variety of communication platforms." To make the messages more believable, they mimic a recruitment effort offering high-paying jobs, and the goal is to get the recipient to download and run a malware-laced crypto application, which the U.S. government refers to as "TraderTraitor." Because the targets are chosen for their privileged roles, a single successful lure can hand the attackers administrative or build-pipeline access rather than just one user's wallet.
What Is TraderTraitor?
The joint alert uses "TraderTraitor" for the family of trojanized cryptocurrency trading and price-prediction applications at the center of this campaign, distributed for both Windows and macOS. The scale of the threat is significant: in 2021 alone, Lazarus stole approximately $400 million worth of digital assets across at least seven large-scale attacks on cryptocurrency platforms. The targets were mainly investment firms and centralized exchanges, compromised through phishing, exploitation of code flaws, malware and other social engineering techniques.