North Korean Hackers Deploy New Malware "Durian" to Target South Korean Crypto Firms
2 weeks ago

A recent report from cybersecurity firm Kaspersky reveals that North Korean hackers, specifically the Kimsuky group, have been using a new and notable malware variant named "Durian" to carry out attacks on South Korean cryptocurrency companies. The attacks, described as persistent, exploited legitimate security software that is exclusively used by crypto firms in South Korea.

The Durian malware, previously unknown to the cybersecurity community, functions as an installer that deploys a series of further components: a backdoor called "AppleSeed," a custom proxy tool called LazyLoad, and legitimate tools such as Chrome Remote Desktop. Kaspersky notes that Durian has comprehensive backdoor functionality, allowing it to execute delivered commands, download additional files, and exfiltrate data.

Interestingly, Kaspersky also discovered that LazyLoad, the proxy tool used by Durian, was previously associated with Andariel, a sub-group within the North Korean hacking consortium Lazarus Group. This suggests a potential connection between Kimsuky and the more infamous Lazarus Group.

In 2023 alone, Lazarus was responsible for stealing over $309 million, which accounted for approximately 17% of the total stolen funds that year. According to a report by Immunefi, a cybersecurity company, more than $1.8 billion worth of cryptocurrencies was lost to hacks and exploits throughout 2023.
