Lazarus, a well-known hacker group believed to be backed by North Korea, keeps upgrading its methods to find new ways of stealing cryptocurrencies. According to analysis published by the cybersecurity firm Kaspersky, Lazarus is leveraging Telegram, an instant messenger, to steal cryptocurrencies.
Instead of developing new methods, the infamous group is slightly adjusting its old techniques to infect victims' devices and steal their virtual assets. One new variation has Lazarus executing its malware directly in memory rather than leaving digital footprints on hard drives.
Aside from this, the group has been found using Telegram and fake websites to deceive users and inject malware. In research titled Operation AppleJeus Sequel, Kaspersky Lab revealed how Lazarus's techniques are evolving. It found that Lazarus lures customers to fake cryptocurrency exchange websites and gets them to join its fake Telegram groups, which are used to disseminate malware to users. When clicked, the malware infects the device and steals sensitive data such as the public and private keys of wallets.
These fake websites, built from simple free templates found on the web, are advertised to customers through a number of media channels and push them to click, to their own harm. The group is sophisticated enough that it is even targeting Apple users by creating customized malware to infect macOS too.
It is not only in the name of businesses: a few file extensions in the cryptocurrency realm have also been found stealing users' funds illicitly. Others, such as Stantinko, are leveraging YouTube bugs to mine cryptocurrencies on users' devices. Whatever the case, it is always advised not to fall for clickbait and pick up malware from campaigns that lure with simple profit.