Crypto Exchange Hit by Malware with Fake Installer

Kaspersky Lab, an anti-virus software manufacturer, has reported that a cryptocurrency exchange was attacked by the Lazarus group on Aug 23. On its website, the software firm said it was investigating the attack when it made an “unexpected discovery”.

The attack was carried out through a trojanized crypto trading platform that was offered to the victim’s company in an email. An unsuspecting employee downloaded a third-party app from a website and infected their computer with malware called Fallchill.

The Lazarus Group is a cybercrime organization that has been known to target banks and other financial companies around the world. Over time, their tools and tactics have become more developed and effective.

In 2018, Recorded Future issued a report linking the cybercrime group to the hacking of users of the cryptocurrencies Bitcoin and Monero, many of them from South Korea. One of the ploys used by the Lazarus group was to take advantage of vulnerabilities in Hangul, a word processing program in South Korea.

Spear-phishing is another tactic used by the group, with lures containing malware sent to cryptocurrency exchange users. The attacks were similar to the WannaCry ransomware attack and the Sony Pictures incident.

The malware steals the users’ email addresses and their passwords once it is opened.

In December 2017, another cryptocurrency exchange, Youbit, filed for bankruptcy after 17% of its assets were stolen, allegedly by North Korean hackers and Lazarus.