Kaspersky, a Moscow-based cyber security firm, has warned cryptocurrency users to expect more attacks from North Korean hackers.
Kaspersky added that North Korean hackers have developed “enhanced capabilities” to deliver malware through Telegram messaging app.
The cyber security firm said that its lab has been analyzing new attacks from the Lazarus Group.
Lazarus group is a cybercrime group that has active links with North Korea.
Kaspersky lab said its analysis is aimed at determining how Lazarus Group’s techniques have developed since the AppleJesus attack on cryptocurrency exchange companies, in 2018.
According to the research paper published by Kaspersky, the cyber security firm said there have been “significant changes to the group’s attack methodology.”
The paper presents a case study which involved a move that appears to be a software update for a fake cryptocurrency wallet. Once the update is downloaded, it begins to transmit user data to hackers.
Another example involves creating a backdoor for Mac software that bypasses security mechanisms without the computer ever being aware it was under attack.
Kaspersky found out a new attack tactics. This tactic involves delivering malware via files distributed on the Telegram messaging app.
Researchers found that several computers download manipulated software, whose origin can be traced to Lazarus group’s website.
These softwares are embedded with malware that would send sensitive data to hackers – without the victim being aware.
Many of these channels belong to fake cryptocurrency companies, presumably set up by the hackers themselves.
One of the recently detected fake sites was for a “smart cryptocurrency arbitrage trading platform.”
Kaspersky researchers discovered that these websites were usually incomplete and filled with broken links, aside from the ones that took visitors to the Telegram channel.
Kaspersky said it has identified “several victims” from Poland, Russia, China and the U.K., most with links to cryptocurrency businesses.
Lazarus Group, however, has remain a mystery. According to experts, the group runs malware through computer memory, rather than a hard disk drive. This has enabled the group to avoid detection.
Lazarus group is widely believed to be affiliated with North Korea, although, the country has repeatedly denied responsibility for its attacks.
Group-IB – a cyber security firm, has estimated that Lazarus group stole about $600 million worth of cryptocurrency between 2017 and 2018.
Due to the success rate of Lazarus group’s operations, Kaspersky researchers are convinced the group will continue stealing cryptocurrency from unsuspecting victims.
“This kind of attack on cryptocurrency businesses will continue and become more sophisticated,” the report says.
In 2019, the U.S. Department for Treasury placed Lazarus group on the U.S. sanctions list, subjecting any financial institution found dealing with the group, to sanctions.