Volexity, a cybersecurity firm located in Washington, D.C., has linked Lazarus, a North Korean hacker organization already sanctioned by the US government, to a threat involving the use of a cryptocurrency site to infect computers and steal information and crypto from third parties.

According to a blog post published on December 1, Lazarus registered a domain named “bloxholder.com” in June, which would eventually be formed as a business offering services of automatic crypto trading.

(We recommend that you do not visit the website to avoid property theft)

Using this site as a front, Lazarus prompted users to download an app that served as a payload for the Applejeus malware, which was designed to steal private keys and other data from the users’ systems.

Lazarus has previously employed the same strategy. This new scheme, on the other hand, employs a technique that allows the application to confuse and slow down malware detection tasks.

The Lazarus hacker gang was delivering AppleJeus malware using maliciously. MS Office documents labeled OKX, Binance & Huobi VIP fee comparision.xls instead of an MSI installer, according to Volexity researchers. This change was noted in October 2022.

The infected document contains a two-part macro. The first decoded a base64 blob that included a second OLE object with a second macro.

Furthermore, the initial document contains a number of variables encoded with base 64 to allow the virus to be distributed in the targeted system. The hackers also utilized OpenDrive to distribute the final stage payload.

However, researchers have been unable to recover the final payload sent since October. They discovered parallels between the DLL Side-loading process and the assaults employing the MSI installation.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Website: coincu.com

Harold

Coincu News

Applejeus

bloxholder.com

Lazarus

North Korea

Volexity

Author

Harold

With a passion for untangling the complexities of the financial world, I've spent over four years in financial journalism, covering everything from traditional equities to the cutting edge of venture capital. "The financial markets are a fascinating puzzle," I often say, "and I love helping people make sense of them." That's what drives me to bring clear and insightful financial journalism to the readers of Coincu.

Scam Alert

Lazarus Group With New Crypto Scam Plan Through App Spreading Malware

Volexity, a cybersecurity firm located in Washington, D.C., has linked Lazarus, a North Korean hacker organization already sanctioned by the US government, to a threat involving the use of a cryptocurrency site to infect computers and steal information and crypto from third parties.

According to a blog post published on December 1, Lazarus registered a domain named “bloxholder.com” in June, which would eventually be formed as a business offering services of automatic crypto trading.

(We recommend that you do not visit the website to avoid property theft)

Using this site as a front, Lazarus prompted users to download an app that served as a payload for the Applejeus malware, which was designed to steal private keys and other data from the users’ systems.

Lazarus has previously employed the same strategy. This new scheme, on the other hand, employs a technique that allows the application to confuse and slow down malware detection tasks.

The Lazarus hacker gang was delivering AppleJeus malware using maliciously. MS Office documents labeled OKX, Binance & Huobi VIP fee comparision.xls instead of an MSI installer, according to Volexity researchers. This change was noted in October 2022.

The infected document contains a two-part macro. The first decoded a base64 blob that included a second OLE object with a second macro.

Furthermore, the initial document contains a number of variables encoded with base 64 to allow the virus to be distributed in the targeted system. The hackers also utilized OpenDrive to distribute the final stage payload.

However, researchers have been unable to recover the final payload sent since October. They discovered parallels between the DLL Side-loading process and the assaults employing the MSI installation.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Website: coincu.com

Harold

Coincu News

Visited 61 times, 1 visit(s) today

Other Posts

Knowledge

- 51 days ago 13 mins

Free Bitcoin Code 2024: Easy Way To Own Bitcoin

Knowledge

- 104 days ago 12 mins

Fiat To Fiat Converter: Detailed Guide For Beginners And Important Notes

Knowledge

- 104 days ago 12 mins

Crypto To Crypto Converter: Detailed Guide For Beginners And Important Notes

Knowledge

- 39 days ago 10 mins

Buy Dogecoin on eToro: Step-by-Step Guide for Beginners (2024)

Knowledge

- 6 days ago 12 mins

Bitcoin Mining: How Long Does It Take to Mine 1 Bitcoin?

News

- 1 days ago 2 mins

The Bitcoin Epic Satoshi Of The 4th Halving Was Auctioned For Over $2.1 Million

News

- 19 hours ago 2 mins

BlackRock Bitcoin ETF Had No Inflows For 2 Consecutive Days

Top Projects

- 16 days ago 25 mins

Top 10 Best Crypto Telegram Bots In 2024