Lazarus Hacker Group Changed Methods in Latest Malware Attacks
Recent reports revealed that the Lazarus hacker syndicate, linked with the North Korean government, has evolved with an upgraded malware channel. The group is now making use of phony trading platforms to link telegram channels, making the malware more powerful.
According to the reports, the hacking group has added an authentication system in the macOS to make their malware stronger and more difficult to defeat. After the group’s “operation Applejeus” campaign, victims are still losing Bitcoin to scammers.
Hackers Using More Complex Methods
Kaspersky, a cybersecurity group, revealed that the Lazarus hacker group which has been linked with North Korea. Also brought to light was the fact that this group was also tied to an exchange hack of $570 Million and they have changed their operational methods. The site, according to the researchers, is using a multi-stage infection method, homemade macOS malware, Telegram groups, as well as exchange sites to perpetuate their hacking acts.
The group still gets hold of their victims’ details in a phony way and uses the first Applejeus method to take control. However, the group has changed the way it relieves the victims of their Bitcoin. The hackers are now using a more complex method to avoid being detected.
The researchers continued that they identified more deeply deformed macOS malware while they were tracking the activities of the hackers. From the researchers’ findings, the hacker called their fake application and website JMTTrading.
Staying Safe From Attack
Although many of the detected telegram groups and scam sites seem inactive, Kaspersky security researchers noted that several victims had been identified in the Operation AppleJeus attack. There have been victims reported in China, Russia, Poland, as well as the UK. Also, Kaspersky noted that most of the victims in the attack have cryptocurrency-related business dealings.
According to the researchers, the actors may have used free web templates to develop fake websites. Also, the actor manipulated a telegram messenger to make it look real for its hacking spree.
In some cases, the security researchers believe that the actors used the fake website to deliver the malware through the Telegram group. In another scenario, they suspect that the more complex and sophisticated bugs system used links on fake sites to penetrate the system. However, the more complex attacking mechanism involves the use of multiple payloads in custom made protocols, which are developed specifically to avoid being detected.
The hackers have now developed a homemade macOS malware that would enable them to attack macOS systems. They have also included an authentication system that would lead to the next stage payload.
Also, the hackers have expanded a multi-stage infection system that would enable them to attack Windows systems. They have also upgraded the final payload. According to the researchers, the hacking group is more cautious in attacks since the discovery of the group’s operational name and method.
The group has used different methods to evade the security watch of the public. The scam sites have since been closed. However, there may be other sites that still exist. According to the researchers, users should be very careful to protect their systems from these upgraded malware attacks.