North Korean hackers have started using the Telegram messaging app to distribute malware that lets them steal cryptocurrencies. According to the security company Kaspersky, the Lazarus Group is behind the attacks.
How do hackers use Telegram to steal cryptocurrencies?
They appear to have changed their attack methodology significantly, but cryptocurrencies remain their main target. They registered a fictitious company to deliver malicious files to macOS users, added an authentication mechanism to the next-stage data transfer, and learned to load the malware into memory without writing it to the device's disk. The Windows malware has also undergone significant changes.
One example of this malware is UnionCryptoTrader, which is presented as a smart cryptocurrency arbitrage trading platform but actually steals users' confidential data.
Kaspersky analysts say that the hackers are increasingly using the Telegram app, a favorite means of communication among cryptocurrency traders. Several fake ICO sites and trading platforms were discovered that contained links to malicious Telegram groups.
Kaspersky has dubbed the attack "Operation AppleJeus Sequel", as a continuation of the 2018 "Operation AppleJeus". The victims are from the UK, Poland, Russia and China.
It is worth noting that last year the Lazarus hackers created a fake crypto trading site. Before that, it became known that Lazarus is one of the most profitable organized crime groups in the world.