Is it possible that North Korea is back in the cryptocurrency hacking space? According to one source, that’s exactly the case. Researchers say they’ve uncovered a new attack from Lazarus, based in the nuclear-powered country.
Lazarus Is Back in Our Midst
North Korea has been involved in several crypto hacking cases over the past few years and is allegedly using stolen digital funds to power its nuclear program. The nation has allegedly performed attacks on its neighbor to the south, the United States and several other global regions. Thus far, it is believed that the country has garnered more than half a million USD worth of crypto funds.
For the most part, it seems that North Korea’s hacking method of choice is crypto jacking, an ugly (and popular) way of garnering funds that simply aren’t yours. Via crypto jacking, a malicious individual or source seeks to gain control of one’s computer or smart device. From there, they infiltrate the software and implement mining malware that allows them to extract cryptocurrency such as Monero, which is hugely popular amongst crypto thieves given its quasi-anonymous properties.
As long as the actor maintains control of the device, they’re able to garner funds from the mining, while the computer owner – who has no knowledge of the situation and has given no permission – is left with nothing but the massive energy bills they’re likely to receive at the end of each month.
According to the researchers of this latest case, Lazarus – which should sound familiar to all of us at this point – is utilizing phony cryptocurrency trading software from a fake company known as JMT Trading. A new trading app accompanies the software to make it appear more legitimate. The code has been uploaded to GitHub and is open and available for any unsuspecting person to download.
Once the software is downloaded, the malicious creator can “execute commands” from a distance using the person’s device. Provided the device in question is Mac-based, the software allows the actor to take full control, thereby giving them carte blanche in terms of how and what is mined.
This is very similar to another situation that occurred last year, in which Lazarus created a phony company known as Celas. Researchers at Kaspersky Labs discovered the platform and posted a warning online which read:
While investigating a cryptocurrency exchange attacked by Lazarus, we made an unexpected discovery. The victim had been infected with the help of a trojan cryptocurrency trading application, which had been recommended to the company over email.
A Lot of Crypto Activity for One Country
It is alleged that North Korea is the most “profitable hacking syndicate in the world” according to 2018 research.
Rumors have also circulated that the country is in the process of building a national digital coin to be issued to citizens through its central financial institution.