North Korean Hackers Deploy New Malware Against Cryptocurrency Firms

North Korean hackers known as Kimsuky have begun using new malware, Durian, to target cryptocurrency companies. This was reported by experts from Kaspersky Lab.

Our latest APT trends for Q1, 2024 if now live and includes a look at some of the more interesting APT activities revealed during Q1, including Careto APT reappearance, hacktivist activity, and much more.

Full report ⇒ https://t.co/yTe8mxePF1 pic.twitter.com/37N8ZGliZA

— Kaspersky (@kaspersky) May 9, 2024

Durian steals files from infected systems and installs the AppleSeed backdoor and the LazyLoad proxy tool.

At least two South Korean cryptocurrency companies have already been attacked by this malware using legitimate security software, experts noted.

According to a UN Security Council report, approximately half of North Korea’s foreign currency income comes from cyberattacks, including those on the crypto industry. Their estimates suggest that from 2017 to 2023, hackers caused cumulative damage equivalent to $3 billion.

Previously, on-chain researcher ZachXBT tracked the movement of $200 million stolen by the Lazarus Group hackers in 25 cyberattacks between August 2020 and October 2023.