Hackers from the Lazarus group, which is associated with the North Korean authorities, may attack cryptocurrency exchanges and technology startups with newly developed tools in the near future. This was reported by specialists at the antivirus company Kaspersky Lab.
According to them, the hackers have developed custom PowerShell scripts for automation, disguised as files of popular open source software, particularly WordPress. With these scripts, they redirect users to malicious C2 servers.
“After creating the session management malicious software on the server, it can download and upload files, update the configuration of the malware and collect basic host info”, the Kaspersky Lab report says.
The experts recommended that representatives of cryptocurrency companies observe safety precautions when installing software.
“Check the new software with antivirus, and never enable macros in Microsoft Office documents received from new or untrusted sources”, they stated.
Recall that, according to the company Group-IB, in 2017-2018 hackers from Lazarus hacked five cryptocurrency exchanges, including Japan’s Coincheck, which lost $534 million. According to UN experts, Pyongyang received $571 million in cryptocurrency through cyber attacks.