Hackers Distributing Trojanized DeFi Wallet Apps to Steal Crypto

The North Korean state-backed hacking crew, known as the Lazarus Group, has been attributed to yet another financially motivated campaign that leverages trojanized decentralized finance (DeFi) wallet apps to distribute a fully-featured backdoor onto compromised Windows systems.


The app is designed to trigger the launch of the implant that can take control of the infected host. Russian cybersecurity firm Kaspersky said it first encountered the rogue application in mid-December 2021.

“For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency business. As the price of cryptocurrency surges, and the popularity of non-fungible token (NFT) and decentralized finance (DeFi) businesses continues to swell, the Lazarus group’s targeting of the financial industry keeps evolving,” Kaspersky GReAT researchers highlighted.

The infection scheme initiated by the app also results in the deployment of the installer for a legitimate application, which gets overwritten with a trojanized version in an effort to cover its tracks.

The spawned malware launches a wallet app built for the DeFiChain, while also establishing connections to a remote attacker-controlled domain and awaiting further instructions from the server.

Based on the response received from the command-and-control (C2) server, the trojan proceeds to execute a wide range of commands, granting it the ability to collect system information, enumerate and terminate processes, delete files, launch new processes, and save arbitrary files on the machine.

The C2 infrastructure used in this campaign exclusively consisted of previously compromised web servers located in South Korea, prompting the cybersecurity company to work with the country’s computer emergency response team (KrCERT) to dismantle the servers.
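The behaviour described above (a wallet installer spawning an implant that reaches out to an unexpected server and then enumerates or kills processes) is the kind of chain endpoint telemetry can catch. The following is an added example, not code from Kaspersky or from the article: it correlates constructed, Sysmon-style process-creation and network-connection events and raises an alert only when a process descended from a downloaded installer both connects to a domain outside an allowlist and spawns process-enumeration or termination tools. All file paths, PIDs, domains and the allowlist are constructed sample values.

```python
"""Added example (not from the Kaspersky report): correlate endpoint telemetry to
flag a downloaded installer's child that talks to an unexpected host and then
enumerates or kills processes. Event format and all values are constructed."""
import json
from collections import defaultdict

# Constructed sample telemetry, one JSON event per line (Sysmon-like fields).
# JSON needs "\\" for a single backslash, hence the raw string.
SAMPLE_EVENTS = r"""
{"ts": "2021-12-15T09:00:01Z", "type": "process_create", "pid": 4010, "ppid": 900, "image": "C:\\Users\\u\\Downloads\\DeFiWallet-Setup.exe", "cmdline": "DeFiWallet-Setup.exe"}
{"ts": "2021-12-15T09:00:03Z", "type": "process_create", "pid": 4022, "ppid": 4010, "image": "C:\\ProgramData\\Update\\wallet-helper.exe", "cmdline": "wallet-helper.exe"}
{"ts": "2021-12-15T09:00:04Z", "type": "process_create", "pid": 4030, "ppid": 4010, "image": "C:\\Program Files\\DeFiWallet\\wallet.exe", "cmdline": "wallet.exe"}
{"ts": "2021-12-15T09:00:06Z", "type": "network_connect", "pid": 4030, "dest": "nodes.defichain.example", "port": 443}
{"ts": "2021-12-15T09:00:07Z", "type": "network_connect", "pid": 4022, "dest": "compromised-site.example", "port": 443}
{"ts": "2021-12-15T09:00:09Z", "type": "process_create", "pid": 4040, "ppid": 4022, "image": "C:\\Windows\\System32\\tasklist.exe", "cmdline": "tasklist"}
{"ts": "2021-12-15T09:00:10Z", "type": "process_create", "pid": 4041, "ppid": 4022, "image": "C:\\Windows\\System32\\taskkill.exe", "cmdline": "taskkill /PID 1234 /F"}
{"ts": "2021-12-15T09:05:00Z", "type": "process_create", "pid": 5000, "ppid": 900, "image": "C:\\Users\\u\\Downloads\\OtherApp-Setup.exe", "cmdline": "OtherApp-Setup.exe"}
{"ts": "2021-12-15T09:05:02Z", "type": "process_create", "pid": 5001, "ppid": 5000, "image": "C:\\Program Files\\OtherApp\\OtherApp.exe", "cmdline": "OtherApp.exe"}
{"ts": "2021-12-15T09:05:04Z", "type": "network_connect", "pid": 5001, "dest": "updates.otherapp.example", "port": 443}
"""

# Constructed allowlist of destinations an installed wallet is expected to reach.
ALLOWED_DOMAINS = {"nodes.defichain.example", "updates.otherapp.example"}
# Built-in utilities used to enumerate, inspect or terminate processes.
ENUM_OR_KILL_TOOLS = {"tasklist.exe", "taskkill.exe", "systeminfo.exe", "whoami.exe"}


def parse_events(text):
    """Parse newline-delimited JSON events into a list of dicts."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def basename(path):
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def is_installer(image):
    """Heuristic: a *-Setup.exe launched from the user's Downloads folder."""
    return basename(image).endswith("-setup.exe") and "\\downloads\\" in image.lower()


def detect(events):
    """Return one alert per process that descends from a downloaded installer,
    connects to a non-allowlisted domain and spawns enumeration/kill tools."""
    procs = {}                      # pid -> {"image", "ppid"}
    conns = defaultdict(list)       # pid -> [destination domain]
    children = defaultdict(list)    # pid -> [child pid]
    for ev in events:
        if ev["type"] == "process_create":
            procs[ev["pid"]] = {"image": ev["image"], "ppid": ev["ppid"]}
            children[ev["ppid"]].append(ev["pid"])
        elif ev["type"] == "network_connect":
            conns[ev["pid"]].append(ev["dest"])

    def spawned_by_installer(pid):
        # Walk up the parent chain; stop on unknown parent or a cycle.
        seen = set()
        while pid in procs and pid not in seen:
            seen.add(pid)
            pid = procs[pid]["ppid"]
            if pid in procs and is_installer(procs[pid]["image"]):
                return True
        return False

    alerts = []
    for pid, info in procs.items():
        if not spawned_by_installer(pid):
            continue
        unexpected = [d for d in conns[pid] if d not in ALLOWED_DOMAINS]
        tools = sorted(basename(procs[c]["image"]) for c in children[pid]
                       if basename(procs[c]["image"]) in ENUM_OR_KILL_TOOLS)
        # Require both signals so a legitimate wallet's update check alone stays quiet.
        if unexpected and tools:
            alerts.append({"pid": pid, "image": info["image"],
                           "unexpected_c2": unexpected, "spawned_tools": tools})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_EVENTS)):
        print(json.dumps(alert))
```

Only the helper spawned by the installer (PID 4022) is flagged: the legitimate wallet process contacts an allowlisted node and the unrelated installer's child never spawns enumeration tools, so neither produces an alert. In a real deployment the allowlist would come from the vendor's documented endpoints and the installer heuristic would be tuned to the environment.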

So be cautious when installing or using any such app.


Source: Digital Trend


Onsa Mustafa

Onsa is a Software Engineer and a tech blogger who focuses on providing the latest information regarding the innovations happening in the IT world. She likes reading, photography, travelling and exploring nature.
