North Korean Hackers Target Cryptocurrency Traders with TraderTraitor Malware
North Korean cybercriminals often engage in financially motivated attacks that let them siphon funds into their country and use those funds to further the development of various controversial programs, such as the North Korean nuclear program. Recently, the Lazarus hacking group has been seen using new social engineering tactics to gain illicit access to the trading profiles of cryptocurrency users. Allegedly, they are also relying on a malicious implant known as the TraderTraitor Malware, which specializes in hijacking trading profiles so that the criminals can execute fraudulent trades.
The latest campaign involves targeted phishing emails. Victims are approached with the promise of a better job opportunity and are asked to review the attachments, which supposedly give them access to unique trading and price prediction utilities for cryptocurrencies. In reality, the attachment carries a payload such as the TraderTraitor Malware.
Once the TraderTraitor Malware infection is active, the Lazarus Group hackers can use it to send remote commands and control the infected system. The malware may also spread laterally if it has managed to infiltrate a larger network.
Recently, North Korean hackers were involved in a $650 million hack that siphoned funds out of the Ronin network and, in particular, the Axie Infinity game. However, the TraderTraitor Malware was not involved in that attack.
Currently, the TraderTraitor Malware might be active under the names TokenAIS, Esilet, and CryptAIS. Beware of unsolicited emails asking you to download and review attachments or to install apps – and make sure to keep your system safe with an up-to-date anti-malware application.