
North Korean Hackers Distributing Trojanized DeFi Wallet Apps to Steal Crypto
The North Korean state-backed hacking crew, commonly known as the Lazarus Group, has been attributed to yet another financially motivated campaign that leverages trojanized decentralized finance (DeFi) wallet apps to distribute a fully featured backdoor onto compromised Windows systems.
The app is designed to trigger the launch of the implant, which can take control of the infected host. Russian cybersecurity firm Kaspersky said it first encountered the rogue application in mid-December 2021.
“For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency business. As the price of cryptocurrency surges, and the popularity of non-fungible token (NFT) and decentralized finance (DeFi) businesses continues to swell, the Lazarus group’s targeting of the financial industry keeps evolving,” Kaspersky GReAT researchers highlighted.
The infection chain initiated by the app also leads to the deployment of the installer for a legitimate application, which gets overwritten with a trojanized version in an effort to cover its tracks.
The spawned malware launches a wallet app built for the DeFiChain, while also establishing connections to a remote attacker-controlled domain and awaiting further commands from the server.
Based on the response received from the command-and-control (C2) server, the trojan proceeds to execute a variety of commands, granting it the ability to collect system information, enumerate and terminate processes, delete files, launch new processes, and save arbitrary files on the machine.
The C2 infrastructure used in this campaign consisted solely of previously compromised web servers located in South Korea, prompting the cybersecurity company to work with the country’s computer emergency response team (KrCERT) to dismantle the servers.
So beware while using any such app.
Source: Digital Trend