Cryptocurrency and blockchains are not safe from hackers.
In a joint warning, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) alerted that the North Korean Lazarus hacking group is using trojanized cryptocurrency applications to target organizations in the cryptocurrency and blockchain industries.
How North Korean Lazarus Used Crypto Apps in Hacking
The hackers use social engineering to trick employees of cryptocurrency companies into downloading and running malicious Windows and macOS cryptocurrency apps.
As BleepingComputer reported, the Lazarus operators use these trojanized tools to gain access to the targets' computers, spread malware through their networks, and steal the private keys that let them initiate fraudulent blockchain transactions and drain the victims' crypto assets from their wallets.
These intrusions enable follow-on activity, including the fraudulent blockchain transactions themselves.
The joint report of CISA, FBI, and Treasury stated, "Intrusions begin with a large number of spearphishing messages sent to employees of cryptocurrency companies—often working in system administration or software development/IT operations (DevOps)—on a variety of communication platforms."
"The messages often mimic a recruitment effort and offer high-paying jobs to entice the recipients to download malware-laced cryptocurrency applications, which the U.S. government refers to as 'TraderTraitor,'" the joint report explained further.
The trojanized TraderTraitor applications are cross-platform utilities written in JavaScript on the Node.js runtime and built on the Electron framework.
The malicious applications appear to be cryptocurrency trading or price prediction tools and are derived from a variety of open-source projects. TraderTraitor apps come with modern-looking websites that advertise the fake crypto apps' alleged features.
The joint report also added, "Observed payloads include updated macOS and Windows variants of Manuscrypt, a custom remote access trojan (RAT), that collects system information and has the ability to execute arbitrary commands and download additional payloads."
Celas Trade Pro, JMT Trading, Union Crypto, Kupay Wallet, CoinGoTrade, Dorusio, and Ants2Whale are included in the list of apps trojanized using AppleJeus.
Lazarus Charged With Stealing $1.3 Billion
The U.S. Justice Department has charged three Lazarus Group members with stealing $1.3 billion in money and cryptocurrency in multiple attacks against banks, the entertainment industry, cryptocurrency companies, and other organizations worldwide.
A confidential United Nations report also said that North Korean operators stole an estimated $2 billion in 2019 through 35 cyberattacks on banks and crypto exchanges across more than a dozen countries.
The U.S. Treasury Department sanctioned three North Korean hacking groups (Lazarus Group, Bluenoroff, and Andariel) in the same year for channeling the financial assets they stole in cyberattacks to the North Korean government.
Lazarus Group, a cybercrime group made up of an unknown number of individuals run by the North Korean state, has been linked to many cyberattacks between 2010 and 2021.
Originally a criminal group, it has since been designated an advanced persistent threat because of the intent behind its operations, the threat it poses, and the wide array of methods it uses when conducting an operation.