Lazarus hackers are using malicious cryptocurrency apps, FBI warns

People working in cryptocurrency firms are being targeted by Lazarus, a well-known threat actor with close ties to North Korea’s government, law enforcement groups have warned.

CISA, the FBI and the US Treasury Department have banded together to issue a warning to companies in the cryptocurrency industry, urging them to be on their guard.

According to the warning, Lazarus seeks to infect crypto firms’ endpoints with Trojans, in an attempt to drain them of their funds.

Several fake applications distributed

As usual, attacks begin with threat actors assuming the identity of someone close to or of interest to the victim.

“The intrusions begin with a large number of spear-phishing messages sent to employees of cryptocurrency companies – often working in system administration or software development/IT operations (DevOps) – on a variety of communication platforms,” reads the warning.

“The messages often mimic a recruiting effort and offer high-paying jobs to trick recipients into downloading cryptocurrency apps containing malware, which the US government calls TraderTraitor.”

According to the advisory, TraderTraitor is a cross-platform utility based on Electron, built on JavaScript and the Node.js runtime. Depending on the target platform, TraderTraitor may carry different variants of a Remote Access Trojan (RAT) called Manuscrypt.

“Observed payloads include updated macOS and Windows variants of Manuscrypt, a custom remote access Trojan (RAT), which collects system information and has the ability to execute arbitrary commands and download additional payloads,” the federal agencies added.

Security agencies refer to several apps as TraderTraitor: DAFOM (cryptocurrency wallet app for macOS), TokenAIS (wallet maker for AI-based crypto trading for macOS), CryptAIS (wallet maker for AI-based crypto trading for macOS), AlticGO (crypto price tracker and predictor for Windows), Esilet (crypto price tracker and predictor for macOS) and CreAI Deck (AI and deep learning platform for Windows and macOS).


Crypto companies experience a constant barrage of cyberattacks. It was only recently that a flaw in the operations of Beanstalk Farms, a stablecoin protocol, allowed an unknown malicious actor to siphon $182 million from the network.

Prior to this, hundreds of millions of dollars in cryptocurrency were stolen after the Ronin Network, which provides the blockchain “bridge” that powers the NFT game Axie Infinity, was compromised.

Via: BleepingComputer
