Hackers create virus-filled exchange to steal cryptocurrencies


Two security companies have warned that North Korean hackers, members of the famed Lazarus group, one of the most feared in the industry, have created a fake cryptocurrency exchange and filled it with viruses to steal from users.

When a victim creates an account on the platform, the hackers ask them to download an installer that contains a variant of a virus called the AppleJeus Trojan, which can record IP addresses, confidential user data, operating system versions and passwords stored in the browser.

The warnings come from security firms Volexity and Malwarebytes, which have launched investigations into possible attacks on cryptocurrency exchanges.

According to the security companies, the Lazarus group has registered the domain blox holder[.]of and configured it to host a cryptocurrency platform.

BloxHolder, which presents itself as an innovative cryptocurrency trading platform, promises profits with a trading bot.

“Use our trusted cryptocurrency trading bots to automate cryptocurrency trading strategies across 20+ exchanges with our privacy-focused on-premises trading automation solutions.”

The legitimate site (left) and the clone (right)

Further investigation revealed that the site is a copy of a legitimate cryptocurrency platform, but several changes have been made, with the fake copy being riddled with viruses and trojans.

Security experts said AppleJeus, first identified by Kaspersky Labs in 2018, collects information about the systems it infects, and the hackers later use this data to steal cryptocurrency.

Volexity added that it has “identified several other cryptocurrency-themed stocks associated with this campaign”.

“The Lazarus Group continues its efforts to reach cryptocurrency users despite continued attention to its campaigns and tactics.”

Lazarus Group

The Lazarus Group (also known as ZINC) is a North Korean hacking group that has been active since 2009. The group gained notoriety after hacking into Sony and creating the WannaCry ransomware, which encrypted systems at companies around the world.

The US government is offering a reward of up to $5 million for information leading to the arrest of members of the group.

The group is also known for stealing cryptocurrencies around the world for the North Korean government. More recent attacks have focused on the proliferation of fake cryptocurrency wallets and trading apps that steal people’s private keys and drain their cryptocurrencies.

They were also responsible for attacking Axie Infinity and stealing more than $617 million from the popular blockchain game.


Source: Live Coins
