North Korean Hackers Target Blockchain Engineers with Deceptive Crypto Bot

by Nik Asti

Published: November 01, 2023 at 11:11 pm Updated: November 01, 2023 at 11:11 pm

To improve your local-language experience, sometimes we employ an auto-translation plugin. Please note auto-translation may not be accurate, so read original article for precise information.

In a revealing update from Elastic Security Labs, North Korea notorious Lazarus Group has emerged as the culprits behind an intricate hacking scheme aimed at blockchain engineers.

The hackers wielded a Python application, deceitfully presented as a cryptocurrency arbitrage bot, which they disseminated through direct messages on public Discord servers.

While it’s not uncommon for cybercriminals to exploit Discord’s massive user base for nefarious purposes, what’s striking in this particular instance is the malware’s design for macOS systems. Typically, macOS intrusions are not orchestrated in such a manner.

Elastic Security Labs chanced upon this malware during an analysis where they noticed an unusual attempt to load a binary into memory on a macOS device. This led them to uncover the aforementioned Python application linked to the intrusion.

Several factors cemented Lazarus Group’s involvement, including similarities in techniques, network infrastructure, and code-signing certificates. Additionally, the malware bore certain signature traits associated with previous attacks by the North Korea Lazarus Group. Elastic Security Labs has cataloged this specific intrusion pattern under the label REF7001.

Here’s a concise breakdown of the unfolding events:

1. Lazarus Group, under the DPRK’s banner, baited blockchain engineers using a Python application as the initial point of entry.
2. This malware exhibited multi-layered complexities, each specifically designed to dodge security defenses.
3. Contrary to standard macOS malware attacks, this strategy revolved around loading binaries into the macOS system’s memory.

Blockchain engineers and crypto enthusiasts should exercise caution, especially when they receive unsolicited software recommendations or tools on platforms like Discord. The Lazarus Group’s continued evolution in its cyber-espionage tactics underscores the persistent threat they pose to the crypto industry and beyond.

Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master’s degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.

More articles

Nik Asti

• 
  
  

Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master’s degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.

• 
  
  

More articles