Breaking News Lazarus Group Strikes Again with ‘Kandykorn’ Malware in Dramatic Crypto Exchange Attack

North Korean Hackers Unleash Kandykorn Malware on Cryptocurrency Exchanges!

Oh boy, the North Korean hackers are at it again! This time, they’ve cooked up a new gourmet malware dish called “Kandykorn” to target unsuspecting cryptocurrency exchanges. Elastic Security Labs recently blew the whistle on this notorious Lazarus Group, revealing their latest cyber shenanigans. And let me tell you, it’s like a blockbuster action movie playing out in the digital world!

Imagine: these hackers infiltrated a public Discord server posing as blockchain engineers who had built a super-smart arbitrage bot. They lured unsuspecting engineers with promises of exploiting price differences between cryptocurrencies on different exchanges. Can you believe it? They convinced these engineers to download their malicious “bot” disguised as an arbitrage tool, with innocent-looking file names like “config.py” and “pricetable.py.” Talk about candy-coated trickery!

Now, let’s dive into the juicy details of the Kandykorn operation. Elastic Security Labs, like expert detectives, unraveled the five-stage process behind this advanced malware. It’s like an intricate dance, showcasing the terrifying capabilities of the hackers.

First, they unleash a Python script named “watcher.py” that connects to a remote Google Drive account. This script then downloads a file called “testSpeed.py,” but don’t blink, because it’s quickly erased to eliminate any evidence! Sneaky, huh?

But wait, there’s more! During this frenetic download dance, the script secretly fetches another Python file known as “FinderTools” from a Google Drive URL. FinderTools takes over as the next dropper, downloading and executing a concealed second-stage payload named…wait for it… SUGARLOADER! Who comes up with these names?

SUGARLOADER, like a magician’s assistant, skillfully hides itself by using a “binary packer,” making it a real challenge for most malware detection programs. But Elastic Security Labs refused to be fooled. They suspended the program once its initialization routines had run and examined its virtual memory, revealing its true identity. Bravo!

But the adventure doesn’t end there. SUGARLOADER establishes a connection with a remote server, retrieving the grand finale payload, the notorious KANDYKORN. This bad boy is executed directly in memory, bringing with it a whole arsenal of remote access Trojan (RAT) capabilities. It’s like a formidable creature, with powers of file enumeration, executing additional malware, data exfiltration, process termination, and arbitrary command execution. It’s a digital villain that you definitely don’t want to mess with!
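For defenders, the tell-tale part of the first stage is a process that contacts Google Drive, writes a Python file, runs it and deletes it moments later. The correlation logic below is an added example (not from the original article or from Elastic’s report); the event schema and the sample telemetry records are constructed for illustration.

```python
"""Correlate endpoint telemetry for the download-run-delete dropper pattern.
Schema (ts, pid, type, dest/path) and all records below are constructed."""
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=120)   # max time from Drive contact to file deletion

# Constructed sample telemetry: pid 4242 shows the full chain, pid 5151 is benign.
SAMPLE_EVENTS = [
    {"ts": "2023-10-01T10:00:00", "pid": 4242, "type": "net", "dest": "drive.google.com"},
    {"ts": "2023-10-01T10:00:02", "pid": 4242, "type": "file_create", "path": "/tmp/testSpeed.py"},
    {"ts": "2023-10-01T10:00:03", "pid": 4242, "type": "exec", "path": "/tmp/testSpeed.py"},
    {"ts": "2023-10-01T10:00:04", "pid": 4242, "type": "file_delete", "path": "/tmp/testSpeed.py"},
    {"ts": "2023-10-01T10:05:00", "pid": 5151, "type": "net", "dest": "drive.google.com"},
    {"ts": "2023-10-01T10:05:01", "pid": 5151, "type": "file_create", "path": "/home/dev/notes.txt"},
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def detect_dropper_chain(events, window=WINDOW):
    """Return one alert per (pid, path) where a single process contacted Google Drive,
    then created, executed and deleted the same .py file inside `window`."""
    by_pid = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_pid.setdefault(ev["pid"], []).append(ev)

    alerts = []
    for pid, evs in by_pid.items():
        net_times = [_parse(e["ts"]) for e in evs
                     if e["type"] == "net" and e["dest"].endswith("drive.google.com")]
        if not net_times:
            continue
        py_paths = {e["path"] for e in evs
                    if e["type"] == "file_create" and e["path"].endswith(".py")}
        for path in py_paths:
            # Map event type -> timestamp for every event touching this path.
            kinds = {e["type"]: _parse(e["ts"]) for e in evs if e.get("path") == path}
            if not {"file_create", "exec", "file_delete"} <= kinds.keys():
                continue
            created, executed, deleted = kinds["file_create"], kinds["exec"], kinds["file_delete"]
            prior_net = [t for t in net_times if t <= created]   # Drive contact came first
            if prior_net and created <= executed <= deleted and deleted - max(prior_net) <= window:
                alerts.append({"pid": pid, "path": path,
                               "lifetime_s": (deleted - created).total_seconds()})
    return alerts


if __name__ == "__main__":
    for alert in detect_dropper_chain(SAMPLE_EVENTS):
        print("short-lived downloaded script:", alert)
```

A very short `lifetime_s` is the interesting signal here: legitimate tooling rarely deletes a script within seconds of fetching and running it.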

And let me tell you, these hackers are hitting crypto exchanges left and right. They’ve been stealing private keys like a modern-day Robin Hood, but without the altruistic intentions. Cryptocurrency exchanges have been bleeding money, with millions of dollars disappearing into thin air. The Lazarus Group is like a swarm of digital locusts, leaving a trail of devastation in their wake.

They wiped out over $40 million from Stake.com, and that’s just the tip of the iceberg. Cryptocurrency exchanges like Atomic Wallet, CoinsPaid, Alphapo, and CoinEx have all fallen victim to their cunning schemes. The total haul amounts to a mind-boggling $240 million since June! It’s like a never-ending heist movie, with the Lazarus Group as the ultimate super villains.

The United States Federal Bureau of Investigation (FBI) has pointed an accusing finger at the Lazarus Group, linking them to the CoinEx hack and the infamous Stake.com attack. These hackers are leaving their calling card everywhere they go, like modern-day digital pirates marking their territory.

According to a report by 21.co, wallets connected to the Lazarus Group hold a staggering amount of cryptocurrency. Picture this – 1,600 Bitcoin, 10,810 Ether, and 64,490 Binance Coins. It’s like a gigantic treasure chest waiting to be seized by the cyber police, or perhaps some brave hero with a knack for digital justice.

So, my fellow digital investors, be on high alert! Stay vigilant and fortify your defenses because these hackers are relentless. Don’t be like those engineers who fell for the honey-coated tricks of the Lazarus Group. Always double-check, verify, and protect your digital assets like a superhero protecting their secret identity.

Remember, we’re all in this digital adventure together, and with a bit of humor and a lot of caution, we can navigate these treacherous waters. Stay safe, fellow crypto warriors!

What are your thoughts on the Lazarus Group’s latest escapades? Have you ever fallen victim to a cyber attack? Share your stories and let’s spread awareness in the digital world!
