
Crypto-stealing Trojan Found on Kazakhstan Government Site
Documents infected with malware whose functions include cryptocurrency theft had been present on the Kazakh government’s official website for almost six months. This was reported by cybersecurity specialists from T&T Security and Zerde Holding.
They found the Razy trojan in several test documents uploaded to the legal and budget sections of the eGov.kz portal.
After downloading the file, the user sees a genuine, legitimate document, while at the same time a malicious program is installed on their computer.
The malware was activated in May 2021. According to the researchers, most of the infected documents arrived on the government site from organisations in Kazakhstan.
The Razy trojan was first detected in 2015. Its main functions include substituting cryptocurrency addresses, wallet QR codes, and pages of bitcoin exchanges.
The researchers believe the current attack targeted specific organisations that may use these documents.
“Most likely, the attackers had no intention of a mass attack on citizens. The accessibility of the documents is probably a side effect,” they said.
Earlier, in July 2020, there was a surge in activity by the Mekotio trojan, which is aimed at stealing cryptocurrency. Attackers spread the malware via phishing campaigns impersonating well-known organisations and government institutions.