North Korean hackers deploy ‘Durian’ malware, targeting crypto firms

As a seasoned crypto investor with a keen interest in cybersecurity, I find the emergence of the new Durian malware variant used by North Korean hackers against South Korean crypto firms deeply concerning. The persistent attack, carried out by exploiting legitimate security software used exclusively by these firms, is particularly alarming.

As a cybersecurity analyst, I’ve come across some intriguing information. North Korean hackers have allegedly adopted a new malware strain called “Durian” in their attacks on South Korean cryptocurrency businesses.

According to a May 9 threat analysis by Kaspersky, the North Korean hacking group Kimsuky used the new malware in targeted attacks against at least two cryptocurrency companies.

Crypto firms in South Korea were targeted in a persistent cyberattack that exploited legitimate security software used exclusively within their industry.

As an analyst, I’ve uncovered new information about the previously undisclosed Durian malware. Durian functions as an installer, deploying a chain of further malicious components onto the system. Among these components are a backdoor named “AppleSeed” and a custom proxy tool referred to as “LazyLoad.” It also employs legitimate tools such as Chrome Remote Desktop for camouflage.

As a researcher, I’ve discovered that Durian comes with extensive capabilities for bypassing security measures. It can execute hidden commands, download additional files, and steal sensitive data by exfiltrating files from the affected system.

Furthermore, Kaspersky pointed out that LazyLoad had also been used by Andariel, a subgroup of the infamous North Korean cybercrime collective Lazarus Group. This observation suggests a possible, albeit weak, link between Kimsuky and the better-known hacking organization.

Since its inception in 2009, Lazarus has gained notoriety as one of the foremost cryptocurrency hacking organizations.

On April 29, ZachXBT, an independent blockchain investigator, disclosed that the Lazarus Group had laundered over $200 million worth of illicitly obtained cryptocurrency between 2020 and 2023.

The Lazarus Group is reportedly responsible for the theft of more than $3 billion worth of cryptocurrency between 2017 and 2023.

In 2023, Lazarus was reportedly responsible for approximately 17%, or around $309 million, of the more than $1.8 billion in crypto stolen through hacks and exploits that year, according to a report published on Dec. 28 by Immunefi.

2024-05-13 05:33