They Are Using DeFi Apps To Steal Crypto Coins
Lazarus, an advanced persistent threat (APT) actor well known for its financially motivated operations, has been attacking with Trojanized decentralized finance (DeFi) applications to increase its revenue by stealing cryptocurrency. Lazarus is abusing legitimate apps used to manage cryptocurrency wallets by distributing malware that gains control over its victims' systems. The Lazarus group is one of the most active APT actors in the world and has been operating since 2009. Unlike most state-sponsored APT groups, the threat actors associated with Lazarus have made financial gain one of their primary objectives.
As the cryptocurrency market grows, together with the non-fungible token (NFT) and decentralized finance (DeFi) markets, Lazarus continues to find new ways to target cryptocurrency users. In December 2021, researchers from cybersecurity company Kaspersky uncovered a new malware operation that attempts to steal cryptocurrency using a Trojanized DeFi application distributed by the Lazarus group. The Trojanized app bundles a legitimate program called DeFi Wallet, which registers and manages cryptocurrency wallets. When the app is run, it drops a malicious file next to the legitimate app installer, and the malware is launched by the Trojanized installer. The dropped malware then overwrites the legitimate app with the Trojanized one, so that what remains on disk looks like the genuine application.
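The two checks a defender can run against the dropper pattern described above, as an added example that is not code from the article or from Kaspersky: verify the installer against a digest the vendor published out-of-band, and list any files that appeared next to the installer which the vendor never shipped. The file names, the sample bytes and the "published" digest are constructed for the demonstration and are not the indicators from the Kaspersky report.

```python
"""Integrity checks against a Trojanized installer (added example, not Kaspersky's code).

Two checks to run before launching a wallet installer:
  1. Does the file hash match the digest the vendor published out-of-band?
  2. Did anything else appear next to the installer that the vendor never shipped?
Sample files, names and the 'published' digest below are constructed for the demo.
"""
import hashlib
import hmac
import os
import tempfile


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large installers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_installer(path: str, published_sha256: str) -> bool:
    """True only if the on-disk installer matches the vendor-published digest.

    The digest must come from a channel independent of the download itself
    (vendor release page, signed release notes); a Trojanized package can ship
    its own hash file, so a digest bundled with the download proves nothing.
    """
    return hmac.compare_digest(sha256_file(path).lower(), published_sha256.lower())


def unexpected_siblings(installer_path: str, shipped_names: set) -> list:
    """Files in the installer's directory that the vendor did not ship.

    Mirrors the dropper behaviour: the Trojanized package leaves an extra file
    next to the legitimate installer. Anything not on the shipped list is returned
    sorted so the caller can quarantine it or raise an alert.
    """
    directory = os.path.dirname(installer_path) or "."
    return sorted(name for name in os.listdir(directory) if name not in shipped_names)


def demo() -> dict:
    """Build a constructed clean-then-Trojanized scenario in a temp dir; return results."""
    legit = b"MZ...legitimate DeFi Wallet installer bytes (constructed)"
    trojan = legit + b"\x00Trojanized stub appended (constructed)"
    shipped = {"DeFiWallet-setup.exe"}  # hypothetical vendor file list
    with tempfile.TemporaryDirectory() as d:
        legit_path = os.path.join(d, "DeFiWallet-setup.exe")  # hypothetical name
        with open(legit_path, "wb") as f:
            f.write(legit)
        # Stands in for the digest the vendor would publish out-of-band.
        published = sha256_file(legit_path)

        clean_ok = verify_installer(legit_path, published)
        clean_siblings = unexpected_siblings(legit_path, shipped)

        # Simulate the Trojanized package: installer overwritten, extra file dropped beside it.
        with open(legit_path, "wb") as f:
            f.write(trojan)
        with open(os.path.join(d, "update.exe"), "wb") as f:  # hypothetical dropped file
            f.write(b"dropped payload (constructed)")

        trojan_ok = verify_installer(legit_path, published)
        trojan_siblings = unexpected_siblings(legit_path, shipped)

    return {
        "clean_ok": clean_ok,
        "clean_siblings": clean_siblings,
        "trojan_ok": trojan_ok,
        "trojan_siblings": trojan_siblings,
    }


if __name__ == "__main__":
    print(demo())
```

The hash check catches the overwritten installer; the sibling check catches the dropped file even when the installer itself still hashes correctly, which is why both are worth running together before anything in the download directory is executed.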
Seongsu Park, Senior Security Researcher at Kaspersky's Global Research and Analysis Team (GReAT), says:
“We’ve been observing Lazarus’ interest in the cryptocurrency industry for some time now, and we’ve seen them devise sophisticated methods to lure their victims, without drawing attention to the contagion process. The cryptocurrency and blockchain-based industries continue to evolve and attract higher levels of investment. This is why they attract not only scammers and phishers, but also big players, including financially motivated APT groups. With the growth of the cryptocurrency market, we think Lazarus’ interest in this industry will not diminish anytime soon.”