
North Korean Hackers Going After Crypto Exchanges


North Korean hackers are at it again, with the group “Lazarus” setting their sights on cryptocurrency exchanges. Information security firm Kaspersky Labs revealed the latest cybersecurity issue on its Securelist blog, saying that the hacking group is tricking unsuspecting users into downloading cryptocurrency-related software laced with malware.

“Lazarus has been a major threat actor in the APT arena for several years. Alongside goals like cyberespionage and cyber sabotage, the attacker has been targeting banks and other financial companies around the globe,” the company wrote. “Over the last few months, Lazarus has successfully compromised several banks and infiltrated a number of global cryptocurrency exchanges and FinTech companies.”

Kaspersky recently discovered the hack while investigating a crypto exchange that Lazarus had attacked with the help of a trojanized cryptocurrency trading application. The update had been sent to the company via email, and an unwitting employee downloaded it from a legitimate-looking website. Their computer was then infected with malware known as Fallchill, an old tool that Lazarus is now using again. Computers infected with Fallchill can immediately be controlled remotely.

The malware appears to come from an application called Celas Trade Pro from Celas Limited, which looks to be the real deal. The app, which can be downloaded by any user, is an "all-in-one style" cryptocurrency trading program.

“At the end of the installation process, the installer immediately runs the Updater.exe module with the 'CheckUpdate' parameter. This file looks like a regular tool and most likely will not arouse the suspicion of system administrators. After all, it even contains a valid digital signature, which belongs to the same vendor. But the devil is in the detail[s], as usual,” Kaspersky added.

So far, the hackers look like they want to disrupt supply chains and businesses — they're not actually stealing crypto (yet).

“This should be a lesson to all of us, and a wake-up call to businesses relying on third-party software. Do not automatically trust the code running on your systems,” Kaspersky warned. “Neither good-looking website, nor solid company profile nor the digital certificates guarantee the absence of backdoors. Trust has to be earned and proven. Stay safe!”


