Security researchers from Kaspersky recently found evidence that North Korea’s hacking group known as Lazarus is once again active in the crypto space. In other words, hackers have returned to stealing crypto from unsuspecting coin holders, only this time, they have come up with stealthier methods.
The Lazarus Group started targeting cryptocurrencies a few years ago, and its biggest operation during this period, named AppleJeus, targeted multiple exchanges. In its new research, Kaspersky says it believes that the group has significantly changed its methodology and is now using the Telegram messenger app to target crypto users.
Researchers claim that hackers are still making fake wallets and exchanges that, after being downloaded, send user data to hackers. After that, stealing cryptocurrencies from unsuspecting victims becomes simple.
The use of Telegram is a new way to approach the situation and deliver malware to crypto users. Hackers are also creating fake sites with links to Telegram channels set up and operated by Lazarus hackers. So far, researchers have been able to identify a number of victims from European countries, including the UK, Russia, and Poland. However, many of them are also based in China, and they include not only individuals but also entire businesses.
Lazarus Group uses stealthy new malware
As mentioned, Lazarus is taking a stealth approach this time, and its new malware is executed in system memory rather than from the hard drive. Meanwhile, the group itself remains quite mysterious, and even its connection to North Korea is a matter of speculation rather than confirmed.
However, its track record is quite well known, and its attacks on users, businesses and exchanges have earned it over $2 billion in crypto. Also, since the group seems to be becoming more and more sophisticated and skilled, researchers do not expect its efforts to steal crypto to stop anytime soon.
Authorities have tried to deal with the group in the past, and the US even put it on the sanctions list last year. Even so, this is unlikely to cause too much trouble for the hackers, whose list of successful hits continues to expand.