New post Need visibility? Apply for a FREE post for your Startup.  Apply Here


North Korean Hackers Now Steal Cryptocurrency Via Telegram – Kaspersky Warns

2 Mins read

Kaspersky, a Moscow-based cyber security firm, has warned cryptocurrency users to expect more attacks from North Korean hackers.

Kaspersky added that North Korean hackers have developed “enhanced capabilities” to deliver malware through Telegram messaging app.

The cyber security firm said that its lab has been analyzing new attacks from the Lazarus Group.

Lazarus group is a cybercrime group that has active links with North Korea.

Kaspersky lab said its analysis is aimed at determining how Lazarus Group’s techniques have developed since the AppleJesus attack on cryptocurrency exchange companies, in 2018.

According to the research paper published by Kaspersky, the cyber security firm said there have been “significant changes to the group’s attack methodology.”

The paper presents a case study which involved a move that appears to be a software update for a fake cryptocurrency wallet. Once the update is downloaded, it begins to transmit user data to hackers.

Another example involves creating a backdoor for Mac software that bypasses security mechanisms without the computer ever being aware it was under attack.

Kaspersky found out a new attack tactics. This tactic involves delivering malware via files distributed on the Telegram messaging app.

Researchers found that several computers download manipulated software, whose origin can be traced to Lazarus group’s website.

These softwares are embedded with malware that would send sensitive data to hackers – without the victim being aware.

Read also: Amidst Rising Tensions, India Bans More Chinese Apps

Many of these channels belong to fake cryptocurrency companies, presumably set up by the hackers themselves.

One of the recently detected fake sites was for a “smart cryptocurrency arbitrage trading platform.

Kaspersky researchers discovered that these websites were usually incomplete and filled with broken links, aside from the ones that took visitors to the Telegram channel.

Kaspersky said it has identified “several victims” from Poland, Russia, China and the U.K., most with links to cryptocurrency businesses.

Lazarus Group, however, has remain a mystery. According to experts, the group runs malware through computer memory, rather than a hard disk drive. This has enabled the group to avoid detection.

Lazarus group is widely believed to be affiliated with North Korea, although, the country has repeatedly denied responsibility for its attacks.

Group-IB – a cyber security firm, has estimated that Lazarus group stole about $600 million worth of cryptocurrency between 2017 and 2018.

Due to the success rate of Lazarus group’s operations, Kaspersky researchers are convinced the group will continue stealing cryptocurrency from unsuspecting victims.

This kind of attack on cryptocurrency businesses will continue and become more sophisticated,” the report says.

In 2019, the U.S. Department for Treasury placed Lazarus group on the U.S. sanctions list, subjecting any financial institution found dealing with the group, to sanctions.

Don’t miss any tech news ever!

We don’t spam! Read our privacy policy for more info.

768 posts

About author
When I'm not reading about tech, I'm writing about it, or thinking about the next weird food combinations to try. I do all these with my headphones plugged in, and a sticky note on my computer with the words: "The galaxy needs saving, Star Lord."
Related posts

Telegram to launch ad revenue sharing for channel owners

1 Mins read
Messaging platform, Telegram, has announced it will launch an advertising platform in March that will share revenue with channel owners. According to…

Flutterwave Appoints Olajumoke AdenowoInto Its Board Of Directors

1 Mins read
Flutterwave was founded in 2016 by Iyinoluwa Aboyeji, Olugbenga Agboola, and Adeleke Adekoya and is headquartered in San Francisco, California with operations…

Dynabook Americas recalls over 15 million Toshiba laptop chargers

1 Mins read
Dynabook Americas, formerly known as Toshiba, has issued a recall of over 15.5 million Toshiba-branded laptop AC adapters sold between April 2008…
Newsletter Subscription

🤞 Don’t miss any update!

We don’t spam! Read more in our privacy policy

Join our Telegram channel here -

Leave a Reply