
North Korean Hackers Deploy ‘Durian’ Malware, Targeting Crypto Firms



NAIROBI (Coinchapter.com) – North Korean state-backed hackers from the Kimsuky group have deployed a previously unknown malware strain dubbed “Durian.” The campaign targeted at least two cryptocurrency firms in South Korea, and the malware was delivered by abusing a legitimate security product in use at the targeted companies, which the attackers exploited to install it.

Source: Kaspersky

Dissecting the ‘Durian’ Malware’s Capabilities

According to a threat report published on May 9, 2024 by the cybersecurity firm Kaspersky, Durian functions as an installer. Once deployed, it stages a chain of further payloads: the AppleSeed backdoor, a custom proxy tool called “LazyLoad,” and legitimate software such as Chrome Remote Desktop, which gives the attackers remote access without dropping an obviously malicious binary. Kaspersky’s analysis states, “Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads, and exfiltration of files from compromised systems.”
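The abuse of a legitimate tool such as Chrome Remote Desktop is the detail a defender should act on: there is no malware signature to match, so the useful signal is a remote-access program appearing on a host where policy does not allow it, or running from a path where its installer never puts it. The following Python hunt is an added example and is not part of the original article or of Kaspersky’s report. The log lines, hostnames, user names, version string and approved-host list are constructed for illustration; only the binary name remoting_host.exe and its normal install directory describe the real Chrome Remote Desktop host on Windows.

```python
import re
from dataclasses import dataclass

# Image names of remote-access tools not expected on trading or ops
# workstations, mapped to a label and the directory the vendor installs to.
# remoting_host.exe is the Chrome Remote Desktop host on Windows; extend the
# map for whatever tooling your fleet should not be running.
REMOTE_ACCESS_IMAGES = {
    "remoting_host.exe": (
        "Chrome Remote Desktop host",
        r"c:\program files (x86)\google\chrome remote desktop",
    ),
}

# Hypothetical: the only hosts where IT has sanctioned remote-support tooling.
APPROVED_HOSTS = {"it-helpdesk-01"}

# Minimal process-creation line format (in the spirit of Sysmon Event ID 1),
# constructed for this example. Values are quoted so paths with spaces survive.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) '
    r'image="(?P<image>[^"]+)" parent="(?P<parent>[^"]+)"$'
)

# Constructed sample log: hostnames, users and the version directory are made up.
SAMPLE_LOG = r"""
2024-03-12T09:14:02Z host=ops-ws-07 user=CORP\trader1 image="C:\Program Files (x86)\Google\Chrome Remote Desktop\123.0.6312.25\remoting_host.exe" parent="C:\Windows\System32\services.exe"
2024-03-12T09:15:11Z host=ops-ws-07 user=CORP\trader1 image="C:\Windows\System32\notepad.exe" parent="C:\Windows\explorer.exe"
2024-03-12T09:16:40Z host=it-helpdesk-01 user=CORP\helpdesk image="C:\Program Files (x86)\Google\Chrome Remote Desktop\123.0.6312.25\remoting_host.exe" parent="C:\Windows\System32\services.exe"
2024-03-12T09:20:03Z host=it-helpdesk-01 user=CORP\helpdesk image="C:\Users\helpdesk\AppData\Local\Temp\remoting_host.exe" parent="C:\Users\helpdesk\AppData\Local\Temp\setup.exe"
"""


@dataclass(frozen=True)
class Finding:
    ts: str
    host: str
    user: str
    image: str
    parent: str
    reason: str


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it is not an event."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def hunt(lines, approved_hosts=APPROVED_HOSTS):
    """Flag remote-access tools started from an unexpected path or on a host
    not approved for remote access. Returns a list of Finding in log order."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        image = ev["image"]
        name = image.rsplit("\\", 1)[-1].lower()
        entry = REMOTE_ACCESS_IMAGES.get(name)
        if entry is None:
            continue  # not a remote-access tool we care about
        tool, install_dir = entry
        reason = None
        # A copy of the host binary outside its install directory is the
        # stronger signal, so check it first, even on approved hosts.
        if not image.lower().startswith(install_dir):
            reason = f"{tool} running outside its install directory"
        elif ev["host"] not in approved_hosts:
            reason = f"{tool} started on a host not approved for remote access"
        if reason:
            findings.append(
                Finding(ev["ts"], ev["host"], ev["user"], image, ev["parent"], reason)
            )
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG.splitlines()):
        print(f"{f.ts} {f.host} {f.user}: {f.reason} ({f.image}, parent {f.parent})")
```

Run against the constructed log, the hunt raises two findings: the Chrome Remote Desktop host starting on the trader workstation, and a copy of remoting_host.exe launched from a Temp directory on the help-desk machine, which is approved for the tool but not from that path. The parent process is carried in each finding because, for a tool dropped by an installer, what launched it is the next question in triage.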

Kaspersky researchers also found an overlap between two North Korean groups: the LazyLoad proxy tool dropped by Durian in the Kimsuky campaign has also been used by Andariel, a sub-group of the Lazarus Group. The connection is notable because Lazarus is the North Korean hacking organization behind many of the largest cyber attacks and heists in the cryptocurrency industry.

Lazarus Group’s Relentless Pursuit of Crypto Assets

The Lazarus Group has been active since at least 2009 and in recent years has concentrated on cryptocurrency businesses and investors. Independent investigator ZachXBT exposed its laundering of over $200 million in stolen crypto, and analysts attribute roughly $3 billion in crypto thefts over six years to the group.

In 2023 alone, Lazarus reportedly stole $309 million in cryptocurrency, about 17% of all crypto stolen that year. The emergence of Durian, linked to Lazarus through the shared LazyLoad tool, shows the attacks on the sector growing more sophisticated.

North Korean state-backed hackers keep refining their tactics, so crypto businesses and investors need strong security controls to safeguard their assets. This campaign underscores the persistent pursuit of illicit financial gain by state-backed actors, and international cooperation and credible deterrence are needed to counter it.

The post North Korean Hackers Deploy ‘Durian’ Malware, Targeting Crypto Firms appeared first on CoinChapter.

