The North Korea-based hacking group Lazarus appears to be coming back, and this time, it’s allegedly using the encrypted messaging service Telegram to steal your cryptocurrency.
Lazarus Is Bigger Than Ever
The news comes by way of cybersecurity firm Kaspersky Lab, which stated recently that the group is taking “more careful steps” to ensure it can steal users’ data or digital funds without raising too many red flags. Researchers are calling the new attack wave “Operation AppleJeus Sequel,” a throwback to the original 2018-2019 AppleJeus campaign.
Telegram has been at the center of several controversies of late. Recently, it was discovered that the messaging system was potentially leaking the phone numbers of various group members. The Chinese government was potentially taking advantage of the bug to see who was involved in the ongoing Hong Kong protests, which called for separation from the mainland and a more democratic structure of government.
In addition, Telegram was recently found to be susceptible to a new form of malware that was – you guessed it – developed to steal cryptocurrency and digital funds. The company itself is also facing a major lawsuit brought by the Securities and Exchange Commission (SEC), which alleges that the firm’s token sale of the “gram,” its new cryptocurrency, was not properly registered as a security and went against current legislation.
The company is now due in court in February 2020. Any future sales and distribution of gram tokens are on hold until the initial hearing is complete.
This time around, Lazarus is at the center of Telegram’s headaches. Kaspersky claims the hacking group is creating fake crypto trading group pages on Telegram as a means of luring unsuspecting users. Once lured in, their information is exposed, provided they are willing to download an infected payload that sends their data back to the hacking group.
Once this data is obtained, the hackers can move through a user’s device and examine their passwords and individual accounts. This may include crypto, provided the person has a digital wallet set up somewhere, giving Lazarus something to steal.
Lazarus has been around for some time and is potentially one of the most dangerous (and most active) hacking groups within the crypto space. In October 2018, it was reported that the organization had stolen more than half a billion dollars in crypto funds.
They’ve Been At It a Long Time
One year later, Lazarus was allegedly using a fake company known simply as JMT Trading to publish phony crypto trading software on GitHub for any unsuspecting crypto user to download.
Lazarus has also been involved in several cryptojacking cases, a common type of cyberattack in which a person’s computer or device is used without their permission or consent to mine cryptocurrencies, usually Monero given its quasi-anonymous properties.