Crypto malware risks continue to rise. The organized cyber attacker group Lazarus has come up with new techniques to attack crypto users and crypto exchanges.
Cryptocurrencies require a certain degree of computer literacy on the part of users, since they need to secure their digital coins. Organized gangs of cyber attackers continue to target crypto users, and Lazarus is one such group.
Secure blockchain technology is the foundation of cryptocurrencies. Digital signatures, modern data encryption techniques, and consensus algorithms keep cryptocurrency blockchain networks secure.
However, different cryptocurrencies use different protocols. They aren't interoperable. This means that Bitcoin users can't use Bitcoin on the Ethereum network, and vice versa. This gave rise to crypto exchanges, which enabled users to trade their cryptocurrencies.
Now, crypto exchanges are centralized businesses. When crypto users store their digital assets on the web wallets of these exchanges, they are effectively storing their coins on the central servers of these exchanges.
These servers are as vulnerable to cyber attackers as any other central server. Blockchain doesn't protect these central servers. Not surprisingly, crypto exchanges are lucrative targets for hackers. The Coincheck exchange hack and the attack on the YoBit exchange are just a few examples of such cyber attacks.
Cyber attacks are increasingly a highly organized phenomenon. Cyber attackers operate in gangs and use increasingly sophisticated techniques. Most cyber attacks now come from such highly organized gangs. It's the same in the crypto landscape.
Lazarus is a highly organized gang, known for their targeting of financial institutions. They are targeting crypto exchanges and crypto users too.
Widespread targeting of crypto exchanges and users
The report details the sophistication of Lazarus, for example their use of malware reserves, which help them continue an attack even when some of the malware is detected. Kaspersky Lab also elaborates on how Lazarus has created malware specifically for macOS, which is highly popular with many crypto users.
The report shows how Lazarus creates fake companies and targets crypto exchanges and users. They distribute genuine-looking business documents to professionals in the crypto space to attract their interest.
The documents embed malware. Lazarus targets Windows systems using PowerShell scripts, and they also target macOS systems.
During their investigation, Kaspersky Lab found that many of these malware-infected documents were written in Korean. This points to a concerted effort to target South Korean crypto users. Crypto is widely popular in South Korea.
The Korean Hangul Word Processor (HWP) format is very popular in South Korea. Lazarus delivered a lot of their malware using HWP documents, exploiting a known security vulnerability in HWP.
At the time of writing, the extent of the damage from these malicious efforts is not clearly known. However, Kaspersky Lab notes that Lazarus is using this template of attack and expanding their threatening activities to other platforms.
Discretion is the better part of valour, especially for crypto users!
Crypto involves big money. Lazarus and other cyber attackers will certainly use even more sophisticated techniques in the future. Crypto users can never be too careful with the security of their devices. Kaspersky Lab recommends that crypto users regularly update their devices with the required security patches; the company also recommends using robust anti-virus solutions.