
The Lazarus group, a North Korean hacking organization previously linked to criminal activity, has been connected to a new attack scheme to breach systems and steal cryptocurrency from third parties. The campaign relies on a modified version of an existing malware family called Applejeus, and it gains access to systems through a fake crypto trading site and, more recently, through booby-trapped documents.

Modified Lazarus Malware Used Crypto Site as Facade

Volexity, a Washington D.C.-based cybersecurity firm, has linked Lazarus, a North Korean hacking group already sanctioned by the U.S. government, to a campaign that uses a crypto site to infect systems and steal information and cryptocurrency from third parties.

A blog post issued on Dec. 1 revealed that in June, Lazarus registered a domain called “bloxholder.com,” which was later set up as a purported business offering automated cryptocurrency trading services. Using this site as a facade, Lazarus prompted users to download an application that served as the delivery vehicle for the Applejeus malware, which is designed to steal private keys and other data from the users’ systems.

Lazarus has used the same strategy before. However, this new scheme adds a technique that allows the application to “confuse and slow down” malware detection and analysis.

Document Macros

Volexity also found that the method used to deliver this malware to end users changed in October. It shifted to Office documents, specifically a spreadsheet containing macros: small programs embedded in the document that, when run, install the Applejeus malware on the computer.

The document, identified with the name “OKX Binance & Huobi VIP fee comparision.xls,” displays the benefits that the VIP programs of these exchanges supposedly offer at their different levels. To mitigate this kind of attack, it is recommended to block the execution of macros in documents, and also to scrutinize and monitor the creation of new tasks in the operating system so that unidentified tasks running in the background are noticed. However, Volexity did not report how far this campaign has spread.
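One way to act on the two recommendations above, as an added example that is not from the article or from Volexity: a PowerShell script that lists recently created scheduled tasks (interpreting the article’s “new tasks in the OS” as Windows scheduled tasks), flags tasks whose action runs from a user-writable path, and reads the Office macro policy values. It assumes an administrator session on Windows 10/11, Office 2016 or later (the `16.0` policy path), and that the Security log is auditing “Other Object Access Events” so that Event ID 4698 is recorded.

```powershell
# Added example, not code from the article or Volexity. Assumes an administrator
# session on Windows 10/11 with Office 2016+ and Event ID 4698 auditing enabled.
param([int]$LookbackDays = 7)

# 1. Scheduled tasks registered in the last $LookbackDays days (Security Event ID 4698,
#    "A scheduled task was created"). TaskContent carries the full task XML.
$since  = (Get-Date).AddDays(-$LookbackDays)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4698; StartTime = $since } `
                       -ErrorAction SilentlyContinue
foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $task = [xml]$data['TaskContent']
    [pscustomobject]@{
        Time     = $e.TimeCreated
        User     = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
        TaskName = $data['TaskName']
        Command  = $task.Task.Actions.Exec.Command
        Args     = $task.Task.Actions.Exec.Arguments
    }
}

# 2. Regardless of age, any task whose action runs from a user-writable location
#    deserves a second look; legitimate system tasks rarely live there.
Get-ScheduledTask | ForEach-Object {
    foreach ($a in $_.Actions) {
        if ($a.Execute -match '\\(AppData|Temp|ProgramData|Users\\Public)\\') {
            [pscustomobject]@{
                TaskName  = $_.TaskName
                Path      = $_.TaskPath
                Execute   = $a.Execute
                Arguments = $a.Arguments
            }
        }
    }
}

# 3. Macro policy check. blockcontentexecutionfrominternet = 1 blocks macros in files
#    downloaded from the internet; VBAWarnings = 4 disables all macros without notification.
#    Empty values mean no policy is set and the user's own Trust Center setting applies.
foreach ($app in 'Excel', 'Word') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        App                 = $app
        BlockInternetMacros = $p.blockcontentexecutionfrominternet
        VBAWarnings         = $p.VBAWarnings
    }
}
```

Run it as `.\audit-tasks-macros.ps1 -LookbackDays 30` to widen the window; an unknown task created by a non-admin user and pointing into a profile folder is the pattern worth investigating first.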

Lazarus was formally indicted by the U.S. Department of Justice (DOJ) in Feb. 2021; the indictment named an operative of the group linked to a North Korean intelligence organization, the Reconnaissance General Bureau (RGB). Before that, in March 2020, the DOJ indicted two Chinese nationals for helping to launder more than $100 million in cryptocurrency tied to Lazarus’ operations.
