13 May

North Korean hackers have reportedly unleashed a new malware variant called "Durian" to target South Korean cryptocurrency firms, according to a threat report by cybersecurity firm Kaspersky on May 9.

The Kimsuky hacking group, believed to be behind the attacks, used Durian in targeted intrusions against at least two crypto companies. To deliver it, the attackers exploited legitimate security software that is used exclusively by South Korean crypto firms, in what Kaspersky described as a "persistent" attack.


Durian, not previously documented, functions as an installer for a range of tools, including a backdoor named "AppleSeed," a custom proxy tool known as LazyLoad, and legitimate utilities such as Chrome Remote Desktop. Durian itself also offers extensive backdoor capabilities, including the execution of commands, file downloads, and data exfiltration.

Kaspersky also noted the use of LazyLoad by Andariel, a sub-group within the Lazarus Group, a well-known North Korean hacking consortium. This suggests a potential connection between Kimsuky and Lazarus Group.

Lazarus Group, active since 2009, has gained notoriety as one of the most prolific crypto hacking groups. On April 29, blockchain analyst ZachXBT revealed that Lazarus had laundered over $200 million in illicit crypto between 2020 and 2023. Overall, Lazarus is accused of stealing more than $3 billion in crypto assets over a six-year period.


In 2023 alone, Lazarus was blamed for over 17% of all stolen funds, amounting to approximately $309 million. Over the year, more than $1.8 billion worth of crypto was lost to hacks and exploits, as reported by Immunefi on December 28.

May 2024, Cryptoniteuae
