Lazarus Group sends 400 ETH to Tornado Cash, deploys new malware


The North Korean-affiliated hacking group has been laundering ETH and deploying new strains of crypto-stealing malware that target developers.


North Korean-affiliated hacking group the Lazarus Group has been moving crypto assets through mixers following a string of high-profile hacks.

On March 13, blockchain security firm CertiK alerted its X followers that it had detected a deposit of 400 Ether (ETH), worth about $750,000, to the Tornado Cash mixing service.

“The money traces to the Lazarus group’s activity on the Bitcoin network,” it noted.

The North Korean hacking group was responsible for the massive Bybit exchange hack that resulted in the theft of $1.4 billion worth of crypto assets on Feb. 21.

It has also been linked to the $29 million Phemex exchange hack in January and has been laundering assets ever since.

Lazarus Group crypto asset movements. Source: CertiK

Lazarus has also been linked to some of the most notorious crypto hacking incidents, including the $600 million Ronin network hack in 2022.

North Korean hackers stole over $1.3 billion worth of crypto assets in 47 incidents in 2024, more than doubling thefts from 2023, according to Chainalysis data.

New Lazarus malware detected

According to researchers at cybersecurity firm Socket, Lazarus Group has deployed six new malicious packages to infiltrate developer environments, steal credentials, extract cryptocurrency data and install backdoors.

It has targeted the Node Package Manager (NPM) ecosystem, a large collection of JavaScript packages and libraries.

Researchers discovered malware called “BeaverTail” embedded in packages that mimic legitimate libraries using typosquatting tactics, that is, look-alike names chosen to deceive developers.

“Across these packages, Lazarus uses names that closely mimic legitimate and widely trusted libraries,” they added.
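One defensive check a development team can run against this tactic is to compare every dependency name in a project's package.json with an allowlist of the widely used packages it actually relies on, flagging near-misses. The snippet below is an added example written for this article, not code from Socket's report or from the packages it describes; the allowlist, the normalisation rules and the sample dependency names are all constructed here for illustration.

```javascript
// Added example: flag dependency names that sit within a small edit distance of
// widely used packages. TRUSTED is an assumed, team-maintained allowlist.
const TRUSTED = ["lodash", "express", "react", "axios", "chalk", "is-buffer"];

// Standard Levenshtein distance: minimum insertions, deletions and substitutions.
function editDistance(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Neutralise the tricks typosquats lean on before comparing: drop an npm scope,
// lowercase, treat '-' and '_' alike, and map look-alike digits to letters.
function normalise(name) {
  return name.replace(/^@[^/]+\//, "").toLowerCase().replace(/_/g, "-")
    .replace(/0/g, "o").replace(/1/g, "l");
}

// Returns {name, lookalike, distance} for each dependency whose normalised name is
// within maxDistance of a trusted name but is not itself on the allowlist. A hit at
// distance 0 means only scope, case or '-'/'_' differ, which still deserves review.
function findSuspiciousDependencies(dependencies, trusted = TRUSTED, maxDistance = 2) {
  const findings = [];
  const trustedSet = new Set(trusted);
  for (const name of Object.keys(dependencies)) {
    if (trustedSet.has(name)) continue; // exact allowlisted name: nothing to report
    const norm = normalise(name);
    for (const t of trusted) {
      const d = editDistance(norm, t);
      if (d <= maxDistance) findings.push({ name, lookalike: t, distance: d });
    }
  }
  return findings;
}

// Constructed "dependencies" section for demonstration; these look-alike names are
// invented here and are not the packages Socket reported.
const SAMPLE_DEPS = { lodash: "^4.17.21", lodsah: "^1.0.0", expres: "^4.0.0",
  react: "^18.0.0", ax1os: "^1.0.0", typescript: "^5.0.0" };

console.log(JSON.stringify(findSuspiciousDependencies(SAMPLE_DEPS), null, 2));
```

Any official scoped packages a project uses (for example type-definition packages) belong on the allowlist, otherwise they surface as distance-0 hits.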


The malware also targets cryptocurrency wallets, specifically Solana and Exodus wallets, they added.

Code snippet showing Solana wallet attacks. Source: Socket

The attack targets files in the Google Chrome, Brave and Firefox browsers, as well as keychain data on macOS, specifically targeting developers who might unknowingly install the malicious packages.

The researchers noted that attributing this attack definitively to Lazarus remains challenging; however, “the tactics, techniques, and procedures observed in this npm attack closely align with Lazarus’s known operations.”
