Trojan from Lazarus Group

The Lazarus Group, also known as HIDDEN COBRA, is a cybercriminal group responsible for many cyber attacks around the world. According to a Group-IB report, the group has stolen cryptocurrency worth $571 million since 2017.

The report notes that some hacker groups now concentrate on cryptocurrency exchanges. Since January 2017, Lazarus has carried out 14 separate attacks on crypto exchanges and is responsible for stealing cryptocurrency worth $571 million. Its members routinely rely on phishing, social engineering, and malware.

Phishing remains the main vector of attack on corporate networks. In a typical case, the attackers deliver malware through spam carrying an attachment that contains a Trojan. Once the local network has been breached, they scan it to locate the workstations and servers used to operate the exchange's private cryptocurrency wallets.

Hackers stole 10% of ICO funds
The report also states that 10% of all funds raised by ICO platforms since 2017 have been stolen, the bulk of it through phishing. According to Group-IB, attackers exploit "crypto-fever": users are so afraid of missing the chance to invest in time that they rush and fail to notice fake domain names.
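The fake-domain trick described above can be checked mechanically before a user ever clicks. The following is an added example, not code from the Group-IB report or from the original article: it normalises candidate hostnames (punycode decoding, Unicode folding, common digit-for-letter and digraph substitutions) and classifies each one against a legitimate exchange domain. The exchange domain `coinmarket.com` and the list of observed hostnames are constructed for illustration, and treating the last two labels as the registrable domain is a simplification that ignores multi-part TLDs.

```python
import unicodedata

# Substitutions phishers use to imitate Latin letters. Multi-character keys
# are applied first so that "rn" -> "m" is tried before single characters.
CONFUSABLES = {
    "rn": "m", "vv": "w",
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x",
}

# Constructed sample: a hypothetical exchange domain and hostnames taken from
# (made-up) phishing mails that imitate it.
LEGIT = "coinmarket.com"
OBSERVED = [
    "www.coinmarket.com",
    "c0inmarket.com",
    "coinrnarket.com",
    "c\u043einmarket.com",               # Cyrillic small letter o
    "coinmarket.com.account-verify.net",
    "coinmaket.com",
    "secure-coinmarket.com",
    "exchange-news.org",
]


def decode_idna(label):
    """Turn a punycode label (xn--...) back into Unicode; leave others alone."""
    if label.startswith("xn--"):
        try:
            return label.encode("ascii").decode("idna")
        except UnicodeError:
            return label
    return label


def fold(text):
    """Canonical form in which look-alike strings collide."""
    text = unicodedata.normalize("NFKC", text).lower()
    for src, dst in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        text = text.replace(src, dst)
    return text


def levenshtein(a, b):
    """Edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def labels(domain):
    """Lower-cased, punycode-decoded labels of a hostname."""
    return [decode_idna(l) for l in domain.strip().lower().rstrip(".").split(".")]


def classify(candidate, legit=LEGIT, max_edits=2):
    """Return one of: legitimate, subdomain_spoof, homoglyph, brand_embedded,
    typosquat, unrelated. The registrable domain is taken as the last two
    labels (assumes a single-label TLD)."""
    cand, real = labels(candidate), labels(legit)
    cand_reg, real_reg = ".".join(cand[-2:]), ".".join(real[-2:])
    if cand_reg == real_reg:
        return "legitimate"            # the real domain or a subdomain of it
    # The real name used as a leading subdomain of someone else's domain,
    # e.g. coinmarket.com.account-verify.net
    for i in range(len(cand) - len(real)):
        if cand[i:i + len(real)] == real:
            return "subdomain_spoof"
    folded_cand, folded_real = fold(cand_reg), fold(real_reg)
    if folded_cand == folded_real:
        return "homoglyph"
    if fold(real[-2]) in fold(cand[-2]):
        return "brand_embedded"
    if levenshtein(folded_cand, folded_real) <= max_edits:
        return "typosquat"
    return "unrelated"


def triage(hostnames, legit=LEGIT):
    """Map every observed hostname to its verdict."""
    return {h: classify(h, legit) for h in hostnames}


if __name__ == "__main__":
    for host, verdict in triage(OBSERVED).items():
        print(f"{verdict:16} {host}")
```

In practice the `OBSERVED` list would come from URLs extracted from mail logs or from newly registered domain feeds, and anything other than `legitimate` or `unrelated` is worth blocking at the mail gateway and adding to the proxy deny list.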

About Lazarus Group
Lazarus is credited with Operation Troy, a cyber-espionage campaign that ran from 2009 to 2012 and used fairly unsophisticated distributed denial-of-service (DDoS) attacks against the South Korean government in Seoul. It is not clear who is really behind the group, but some media reports attribute it to North Korean hackers.

A few days ago, the group used macOS malware and a fake installer to break into cryptocurrency exchanges.
Lazarus Group also attacks banks and other financial companies around the world. Over the past few months it has compromised several banks and penetrated a number of global cryptocurrency exchanges and financial firms.

In those cases the victims were infected through a trojanized cryptocurrency trading application that was offered to companies by email. Employees willingly downloaded the third-party application from its official site, after which their computers were infected with the Fallchill malware. The attackers have also built malware for other platforms, including macOS, which shows that Lazarus now targets non-Windows systems as well.

Group-IB also expects the world's largest mining companies to become an obvious target for state-sponsored hackers. To mount a 51% attack, an attacker must control the majority of the hashing power of a proof-of-work blockchain. In the first half of 2018, five major incidents of this kind were recorded, with losses ranging from $0.55 million to $18 million.
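The 51% threshold in that paragraph follows from a simple model of the race between the attacker's chain and the honest chain. The example below is added here and is not part of the Group-IB report or the original article: it implements the attacker-success probability from the Bitcoin whitepaper (Nakamoto, 2008), where q is the attacker's share of hash power, p = 1 - q the honest share, and z the number of confirmations the victim (for example an exchange crediting a deposit) waits for. The function names and the 0.1% risk threshold are this example's own choices.

```python
import math


def catch_up_probability(q, z):
    """Probability that an attacker who is z blocks behind ever draws level,
    modelled as a random walk with step +1 (prob q) or -1 (prob p = 1 - q)."""
    p = 1.0 - q
    if q >= p:
        return 1.0      # majority (or half) of the hash power: certain to overtake
    return (q / p) ** z


def attacker_success_probability(q, z):
    """Probability that an attacker with hash share q succeeds in a double
    spend after the victim waited for z confirmations. While the honest chain
    produced z blocks, the attacker's own progress is Poisson with mean z*q/p."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z >= 0")
    p = 1.0 - q
    if q >= p:
        return 1.0
    lam = z * q / p
    total = 0.0
    for k in range(z + 1):
        # Poisson pmf in log space so that large z does not overflow a float
        if lam == 0.0:
            poisson = 1.0 if k == 0 else 0.0
        else:
            poisson = math.exp(k * math.log(lam) - lam - math.lgamma(k + 1))
        total += poisson * (1.0 - catch_up_probability(q, z - k))
    return 1.0 - total


def confirmations_needed(q, max_risk=0.001, limit=2000):
    """Smallest z that pushes the attacker's success probability below
    max_risk, or None when no number of confirmations achieves it
    (q >= 0.5, or the search limit is exhausted)."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


if __name__ == "__main__":
    for q in (0.10, 0.30, 0.45, 0.51):
        after_six = attacker_success_probability(q, 6)
        needed = confirmations_needed(q)
        print(f"q={q:.2f}  P(success after 6 confirmations)={after_six:.6f}  "
              f"confirmations for <0.1% risk: {needed}")
```

The point the table makes is the one the paragraph states: below 50% an exchange can price the risk by waiting for more confirmations on a coin whose hash rate an attacker could plausibly rent, but once q reaches 0.5 the function returns None because no confirmation count helps, which is why hash-rate concentration itself is the target.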

In August 2018, Group-IB analyzed 720 leaked sets of account credentials (logins and passwords) from 19 cryptocurrency exchanges.

According to the report, the number of compromised credentials has grown sharply: compared with 2016, the number of compromised accounts rose by 369% in 2017 and, amid the surge of interest in cryptocurrencies, by 689% in 2018. The report further states that every third victim of cryptocurrency-related cyber attacks is from the United States; the three most affected countries are the USA, Russia, and China.