The North Korea-linked Lazarus group is on the prowl again, this time with a new batch of digital asset-stealing malware.
Elsewhere, a Kaspersky report revealed that a group of cybercriminals blackmailed YouTubers into placing links to malware in their video descriptions.
Lazarus targets the JavaScript ecosystem
Lazarus has revamped its attacks on the digital asset sector and is currently targeting the JavaScript ecosystem, the code security platform Socket reveals.
In a recent report, Socket revealed that the notorious hacker group is deploying six new malicious packages targeting the npm (Node Package Manager) ecosystem. npm is used to install and manage JavaScript packages. The malware is designed to steal digital asset data and other credentials and to deploy backdoors for future exploitation.
Unsuspecting victims had downloaded the six packages 330 times by last week. The packages are designed to mimic widely trusted libraries that developers have used for years, in keeping with the group’s typosquatting tactic. The group maintains GitHub repositories for 5 of the 6 malicious packages, which improves their perceived legitimacy. Socket has since petitioned GitHub to remove them.
The Socket team admitted that it is nearly impossible to attribute the malware to Lazarus with certainty, “because absolute attribution is inherently difficult.” However, the packages bear the hallmarks of the group’s tactics and techniques, including obfuscation techniques, scripting capabilities, command-and-control mechanisms, and data theft techniques similar to those seen in past Lazarus attacks.
Once installed, the security company revealed, the malware harvests browser profiles for Chrome, Firefox, and Brave, as well as keychain archives on macOS, to extract sensitive files such as login data. It also extracts digital asset wallets, with Exodus wallets and Solana-based applications particularly at risk.
This tactic is nothing new for Lazarus. The group has repeatedly used it to infiltrate both personal and corporate networks and drain digital asset wallets. In previous attacks, the group posted job openings on LinkedIn, inviting unsuspecting applicants to click on malicious links.
The North Korean group has been involved in many high-profile heists, but the newest one is the biggest and boldest. Lazarus was credited with the $1.4 billion hack of the exchange Bybit, the largest heist ever in the world of digital assets. Cybersecurity investigators later discovered that the group’s entry route was malware planted in Safe’s online code. Safe is the digital asset wallet provider that Bybit used to protect users’ assets.
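Typosquatted package names of the kind described above are cheap to screen for on the defender’s side. The following is an added example, not code from the article or from Socket: it reads a package.json-style manifest, compares every dependency name against an allowlist of packages a team actually relies on, and reports names that are only a small edit away from a trusted one. The allowlist, the sample manifest and the distance threshold are all constructed for the demonstration.

```python
"""Flag dependency names that look like typosquats of trusted packages.

Added example (not from the article or from Socket). The allowlist and the
sample manifest below are constructed for the demo; a real deployment would
load the allowlist from the team's own approved-packages list.
"""
import json

# Constructed allowlist: packages the hypothetical team actually uses.
TRUSTED = {"lodash", "express", "react", "axios", "chalk", "commander"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """Lowercase and strip separators so 'lo-dash' and 'Lodash' compare to 'lodash'."""
    return name.lower().replace("-", "").replace("_", "").replace(".", "")


def suspicious_names(dependencies, trusted=TRUSTED, max_distance=2):
    """Return [(dep, lookalike, distance)] for deps that are near-misses of trusted names.

    An exact trusted name is skipped; a distance of 0 after normalization
    (e.g. 'lo-dash' vs 'lodash') is still reported because the raw names differ.
    """
    hits = []
    for dep in dependencies:
        if dep in trusted:
            continue
        n = normalize(dep)
        # Pick the closest trusted name; ties break alphabetically for determinism.
        distance, lookalike = min((levenshtein(n, normalize(t)), t) for t in trusted)
        if distance <= max_distance:
            hits.append((dep, lookalike, distance))
    return hits


def scan_manifest(manifest_json: str):
    """Parse a package.json-style document and scan both dependency sections."""
    doc = json.loads(manifest_json)
    deps = list(doc.get("dependencies", {})) + list(doc.get("devDependencies", {}))
    return suspicious_names(deps)


# Constructed manifest: one legitimate dependency and three lookalike names.
SAMPLE_MANIFEST = json.dumps({
    "dependencies": {"express": "^4.19.0", "lodahs": "1.0.0", "axios-js": "0.1.0"},
    "devDependencies": {"chalkk": "2.0.0"},
})

if __name__ == "__main__":
    for dep, like, d in scan_manifest(SAMPLE_MANIFEST):
        print(f"{dep!r} is {d} edit(s) from trusted {like!r}; verify before installing")
```

Run it in a CI step against the repository manifest or lockfile; a hit is a prompt to check the package’s publisher, download history and repository before the install proceeds, not proof of malice, since legitimately named forks will also land within a couple of edits of the original.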
Cryptojackers Blackmailing YouTubers
In another report, cybersecurity company Kaspersky revealed that cybercriminals are threatening YouTubers.
The criminals are behind malware that disguises itself as tools for bypassing geographical restrictions and other local blocks on Internet access. Such tools are becoming increasingly popular as some governments, such as those of Russia and China, impose internet blocks in some regions. Over the past six months, Kaspersky has detected over 2.4 million drivers associated with these bypass tools.
These drivers have become malware hotspots. Typically, users have to disable the security solutions on their PCs to use them, which lets attackers install malware without the user being aware. Popular payloads include cryptojacking software that mines digital assets without the user’s knowledge, as well as remote access tools (RATs) and other widespread credential stealers.
These attackers are now targeting YouTubers to reach a wider audience, Kaspersky discovered. In one instance, they targeted a YouTuber with over 60,000 subscribers. The attacker reported the video on suspicion of copyright infringement before reaching out to him, and requested that the YouTuber include a link to the “resource” so that the copyright claim could be withdrawn.
The YouTuber was unaware that the link led to a malicious website containing cryptojacking malware and other stealers.
Another YouTuber, with 340,000 subscribers, was also targeted, as was his popular Telegram channel.
The cryptojacking malware is based on XMRig, an open-source miner that criminals have long used to illegally mine digital assets on victims’ PCs. It can mine Ether, Ethereum Classic, Monero and other smaller digital assets. The malware can be turned on and off to avoid detection and can be controlled remotely.
Cryptojacking isn’t as popular as it once was, but some criminals still target millions of devices. Two weeks ago, CyberArk reported that one cryptojacking strain had been linked to over 750,000 unique digital asset addresses. Another recent report showed that cryptojackers were targeting federal agencies and had infiltrated USAID machines last fall to mine “crypto.”
Watch: Cybersecurity Fundamentals in Today’s Digital Age Using AI & Web3 – https://www.youtube.com/watch?v=tmc4bnldsnq