North Korean hackers deploy ‘Durian’ malware, targeting crypto companies


North Korean hackers are using a “striking” new malware variant dubbed “Durian” to reportedly launch attacks on South Korean crypto companies.

The North Korean hacking group Kimsuky used the brand new malware in a series of targeted attacks on at least two cryptocurrency companies so far, according to a May 9 threat report from cybersecurity firm Kaspersky.

This was carried out through a “persistent” attack that exploited legitimate security software used exclusively by crypto companies in South Korea.

Source: Kaspersky

The previously unknown Durian malware acts as an installer that deploys a continued stream of malware, including a backdoor called “AppleSeed,” a custom proxy tool called LazyLoad, and other legitimate tools such as Chrome Remote Desktop.

“Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads, and exfiltration of files,” wrote Kaspersky.

Additionally, Kaspersky noted that LazyLoad was also used by Andariel, a sub-group within fellow North Korean hacking consortium Lazarus Group, which suggested a “tenuous” connection between Kimsuky and the more notorious hacking group.

Related: North Korean Lazarus hacker group using LinkedIn to target and steal assets: Report

First emerging in 2009, Lazarus has established itself as one of the most notorious groups of crypto hackers.

On April 29, independent blockchain sleuth ZachXBT revealed that the Lazarus group had successfully laundered over $200 million in ill-gotten crypto between 2020 and 2023.

In total, the Lazarus Group is accused of stealing over $3 billion in crypto assets in the six years leading up to 2023.

Lazarus was credited with stealing over 17% (a little over $309 million) of the total funds stolen in 2023. Throughout 2023, more than $1.8 billion worth of crypto was lost to hacks and exploits, according to a Dec. 28 report by Immunefi.

Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis