Lazarus Group Intensifies Cyber Attacks on Crypto Professionals with Advanced Malware
(Originally posted on: Crypto News – iGaming.org)
The well-known North Korean hacker group Lazarus Group has intensified its cyberattacks on the bitcoin sector. The organization, known for its cunning and inventive strategies, is now using even more potent malware to target developers and crypto specialists. According to recent research by cybersecurity firm Group-IB, Lazarus has expanded its focus to video conferencing services and released new malware versions.
In 2024, Lazarus launched the “Contagious Interview” campaign, which dupes job seekers into downloading malicious software disguised as job-related tasks. This campaign has now evolved to include a fake video conferencing app named “FCCCall.” This deceptive application installs the BeaverTail malware, which then deploys the Python-based backdoor known as “InvisibleFerret.” According to Group-IB, “The core functionality of BeaverTail remains unchanged: it exfiltrates credentials from browsers, and data from cryptocurrency wallets browser extensions.”
In addition to BeaverTail, Group-IB researchers identified a new set of Python scripts called “CivetQ.” This new toolset is part of Lazarus’s growing arsenal, which now includes methods for using Telegram for data exfiltration. The group has also expanded its reach to gaming-related repositories, where it trojanizes Node.js-based projects to distribute its malware.
Targeting Crypto Wallets and Expanding Reach
Recent Lazarus Group activity shows a greater emphasis on browser extensions for cryptocurrency wallets. Popular apps including MetaMask, Coinbase, CoinEx, BNB Chain Wallet, TON Wallet, and Exodus Web3 are currently on its expanding list of targets. The methods the hackers use to hide their harmful code have also become more complex, making that code more difficult to detect.
This escalation reflects broader developments in cybersecurity. The FBI has issued a warning stating that North Korean cybercriminals are using sophisticated social engineering techniques to target workers in the decentralized finance and cryptocurrency industries. These techniques represent a serious risk to companies with sizable cryptocurrency holdings.