The Lazarus Group, a notorious North Korean hacker organization, has ramped up its cyber attacks on the cryptocurrency market in September 2024. According to a report by cybersecurity firm Group-IB, the group has introduced new malware strains targeting browser extensions and video conferencing applications. The report highlights how the Lazarus Group has expanded its focus to include these platforms, using increasingly sophisticated malware variants.
One of the tactics employed by the Lazarus Group is the ‘Contagious Interview’ campaign, in which job seekers are tricked into downloading malware disguised as job-related tasks. The group has now extended the lure to fake video conferencing apps, such as one called “FCCCall,” which installs the BeaverTail malware on the victim’s system. BeaverTail is designed to exfiltrate credentials saved in browsers and data held by cryptocurrency wallet browser extensions, and it serves as a foothold for further compromise of the host.
The Lazarus Group’s latest campaign specifically targets popular crypto wallet browser extensions, including MetaMask, Coinbase, BNB Chain Wallet, TON Wallet, and Exodus Web3. The group lures victims into downloading malicious software under the pretense of reviews or analysis tasks, using deceptive tactics to infiltrate their systems. Group-IB researchers have identified a new suite of Python scripts, named “CivetQ,” as part of the group’s evolving toolkit, indicating a shift in tactics to target blockchain professionals through job search platforms.
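A defender’s first question after reading the list above is which endpoints actually have those wallet extensions installed, since those are the hosts where a BeaverTail-style stealer has something to take. The inventory script below is an added example written for this page; it is not code from the article or from Group-IB’s report. It assumes a Chromium-style profile layout (`Extensions/<id>/<version>/manifest.json`, which Chrome, Edge and Brave share), resolves the `__MSG_key__` localisation placeholders that many store extensions use for their display name, and matches names against a watchlist built from the extensions named above (the `binance` entry is an assumption, added because BNB Chain Wallet has shipped under that name). The fixture it builds is constructed sample data with made-up extension IDs, not a real profile.

```python
import json
import re
import sys
from pathlib import Path

# Wallet extensions the article names as targets; matched case-insensitively
# as substrings of the display name. "binance" is an assumption (alternate
# store name for BNB Chain Wallet), not something the article states.
WALLET_WATCHLIST = ("metamask", "coinbase", "bnb chain", "binance", "ton wallet", "exodus")

_MSG_RE = re.compile(r"^__MSG_(\w+)__$")


def resolve_name(manifest, ext_dir):
    """Return the extension's display name, resolving Chrome's __MSG_key__
    placeholder through _locales/<locale>/messages.json when present."""
    name = manifest.get("name", "")
    m = _MSG_RE.match(name)
    if not m:
        return name
    key = m.group(1)
    for loc in (manifest.get("default_locale", "en"), "en", "en_US"):
        msg_file = Path(ext_dir) / "_locales" / loc / "messages.json"
        if not msg_file.is_file():
            continue
        try:
            messages = json.loads(msg_file.read_text(encoding="utf-8-sig"))
        except (json.JSONDecodeError, OSError):
            continue
        entry = messages.get(key)
        if isinstance(entry, dict) and "message" in entry:
            return entry["message"]
    return name  # unresolved placeholder: keep the raw value rather than guess


def inventory_extensions(extensions_root):
    """Walk <root>/<id>/<version>/manifest.json and return [(id, version, name)]."""
    root = Path(extensions_root)
    found = []
    if not root.is_dir():
        return found
    for ext_id_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        for version_dir in sorted(p for p in ext_id_dir.iterdir() if p.is_dir()):
            manifest_path = version_dir / "manifest.json"
            if not manifest_path.is_file():
                continue
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            except (json.JSONDecodeError, OSError):
                continue  # corrupt or half-written manifest; skip, don't abort
            found.append((ext_id_dir.name, version_dir.name, resolve_name(manifest, version_dir)))
    return found


def wallet_extensions(extensions_root, watchlist=WALLET_WATCHLIST):
    """Filter the inventory down to extensions whose name matches the watchlist."""
    hits = []
    for ext_id, version, name in inventory_extensions(extensions_root):
        lowered = name.lower()
        if any(w in lowered for w in watchlist):
            hits.append((ext_id, version, name))
    return hits


def build_sample_profile(root):
    """Create a constructed Extensions tree for demonstration (fake IDs, sample data)."""
    root = Path(root)

    def write(path, obj):
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(json.dumps(obj), encoding="utf-8")

    # Localised name, the form many store extensions use in their manifest.
    mm = root / "fixture_metamask" / "11.0.0_0"
    write(mm / "manifest.json", {"name": "__MSG_appName__", "default_locale": "en", "version": "11.0.0"})
    write(mm / "_locales" / "en" / "messages.json", {"appName": {"message": "MetaMask"}})
    # Plain name.
    ex = root / "fixture_exodus" / "2.0.0_0"
    write(ex / "manifest.json", {"name": "Exodus Web3 Wallet", "version": "2.0.0"})
    # Unrelated extension that must not be reported.
    other = root / "fixture_other" / "1.0_0"
    write(other / "manifest.json", {"name": "Tab Manager", "version": "1.0"})
    return root


if __name__ == "__main__":
    # Pass a real profile's Extensions directory as argv[1]; with no argument,
    # run against the constructed fixture in a temporary directory.
    import tempfile
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_profile(tempfile.mkdtemp())
    for ext_id, version, name in wallet_extensions(target):
        print(f"{ext_id}\t{version}\t{name}")
```

Typical `Extensions` roots are `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` on Windows, `~/.config/google-chrome/Default/Extensions` on Linux and `~/Library/Application Support/Google/Chrome/Default/Extensions` on macOS; non-default profiles live in sibling `Profile N` directories. The script reports what is installed, not whether it has been tampered with, so it belongs in an asset inventory or a fleet query, with the resulting host list driving where the stealer detections and user briefings go.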
In addition to the browser extension attacks, the Lazarus Group has also exploited a Microsoft Windows vulnerability to deepen its access to systems in the cryptocurrency sector. CVE-2024-38193 is a privilege-escalation flaw in AFD.sys, the Windows Ancillary Function Driver for WinSock, which Microsoft patched in its August 2024 updates after it had already been exploited as a zero-day. By exploiting it, the group could escalate from an ordinary user account to kernel-level privileges, reaching parts of the system that are normally off limits and doing so without tripping the usual controls. This escalation of tactics poses a significant threat to organizations in the decentralized finance and cryptocurrency sectors, and it makes the patch status of Windows endpoints handling crypto assets a direct, checkable exposure.
The Federal Bureau of Investigation (FBI) has warned that North Korean hackers are targeting employees in the decentralized finance and cryptocurrency sectors with tailored social engineering campaigns. These campaigns are built to get past well-defended organizations by going through their people rather than their perimeter, which is why groups like Lazarus remain an ongoing threat. By refining its lures and hiding malicious code in increasingly sophisticated ways, the Lazarus Group remains a formidable threat in the cryptocurrency market, and organizations holding substantial crypto assets need correspondingly heightened vigilance and security measures.
As the Lazarus Group intensifies its cyber attacks on the cryptocurrency market, individuals and organizations in the industry need to stay informed about the latest trends in cyber threats and security vulnerabilities. The general best practices still apply: use strong, unique passwords, enable two-factor authentication, and keep software up to date so that patched flaws such as CVE-2024-38193 are closed. They are not sufficient on their own, though, because the campaigns described here work by getting the victim to run code: once a stealer like BeaverTail is executing on the host, it reads saved browser credentials and wallet extension data regardless of how strong the password was. The practical defenses follow from that. Treat any "coding task," code review or video conferencing installer sent by a recruiter as untrusted, and open it only in a disposable virtual machine with no wallets or saved credentials. Keep meaningful holdings in hardware wallets rather than browser extensions, so that a compromised browser profile exposes little. Staying vigilant and proactive in this way lets stakeholders in the cryptocurrency sector reduce the risk of falling prey to these campaigns and safeguard their digital assets.