North Korea’s Lazarus hackers targeting crypto users via Telegram

on Jan 10, 2020
Updated: Mar 11, 2020
  • North Korean Lazarus Group is back, and once again, they are targeting crypto users in order to steal their digital funds.
  • Researchers from Kaspersky warned that the group is using much stealthier methods this time, and that it uses Telegram Messenger to target new victims.
  • Hackers are creating fake websites, exchanges, and Telegram crypto groups to attract users and infect them with malware that runs in memory.


Security researchers from Kaspersky recently found evidence that North Korea’s hacking group known as Lazarus is once again active in the crypto space. In other words, hackers have returned to stealing crypto from unsuspecting coin holders, only this time, they have come up with stealthier methods.

The Lazarus Group started targeting cryptocurrencies a few years ago, and its biggest operation during this period, named AppleJeus, targeted multiple exchanges. In its new research, Kaspersky believes that the group has significantly changed its methodology and that it is now using the Telegram messenger app to target crypto users.


Researchers claim that hackers are still making fake wallets and exchanges that, after being downloaded, send user data to hackers. After that, stealing cryptocurrencies from unsuspecting victims becomes simple.

The use of Telegram is a new way to deliver malware to crypto users. Hackers are also creating fake sites with links to Telegram channels set up and operated by Lazarus hackers. So far, researchers have been able to identify a number of victims from European countries, including the UK, Russia, and Poland. However, many of them are also based in China, and they include not only individuals but also entire businesses.

Lazarus Group uses stealthy new malware


As mentioned, Lazarus is taking a stealth approach this time, and its new malware executes in system memory rather than from the hard disk. Meanwhile, the group itself remains quite mysterious, and even its connection to North Korea is a matter of speculation rather than confirmed.

However, the group's track record is well known, and its attacks on users, businesses and exchanges have earned it over $2 billion in crypto. Also, since the group seems to be becoming more sophisticated and skilled, researchers do not expect its efforts to steal crypto to stop anytime soon.

The authorities have tried to deal with the group in the past, and the US even put it on the sanctions list last year. Even so, this is unlikely to cause much trouble for the hackers, whose list of successful hits continues to expand.

