Lazarus Group, a notorious cybercrime organization, has recently targeted a cryptocurrency exchange using a new form of malware called “KANDYKORN.” The attack began when members of the group posed as blockchain engineers and convinced the exchange’s engineers to download a program disguised as an arbitrage bot.

Once executed, the program downloaded a malicious file called “Watcher.py” that established a connection to a remote Google Drive account. From there, it downloaded more content and eventually executed a file called “SUGARLOADER,” which was obfuscated to bypass malware detection programs. SUGARLOADER then connected to a remote server and loaded KANDYKORN into the memory of the victim’s device. This malware allows the remote server to perform various malicious activities, such as listing the contents of directories and transferring files from the victim’s computer to the attacker’s.

The attack is believed to have occurred in April 2023 and is still ongoing, with the tools and techniques under continuous development. This incident is part of a larger trend of cyberattacks on centralized crypto exchanges and apps, with several prominent platforms falling victim to private key hacks. The Lazarus Group has been accused by the FBI of being behind some of these attacks, including the Coinex hack and the Stake attack.

This News Article was automatically generated by Bob the Bot (AI)

Information Details
Geography Asia
Countries
Sentiment negative
Relevance Score 1
People None
Companies CoinsPaid, Coinex, Atomic Wallet, Stake, Alphapo
Currencies None
Securities None
