North Korean hackers deploy ‘Durian’ malware, targeting crypto firms — TradingView News

North Korean hackers are using a “striking” new malware variant dubbed “Durian” to reportedly launch attacks on South Korean crypto firms.

The North Korean hacking group Kimsuky used the new malware in a series of targeted attacks on at least two cryptocurrency firms so far, according to a May 9 threat report from cybersecurity firm Kaspersky.

The attacks were carried out through a “persistent” campaign that exploited legitimate security software used exclusively by crypto firms in South Korea.


The previously unknown Durian malware acts as an installer that deploys a continued stream of malware, including a backdoor known as “AppleSeed,” a custom proxy tool known as LazyLoad, and legitimate tools such as Chrome Remote Desktop.

“Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads, and exfiltration of files,” wrote Kaspersky.

Additionally, Kaspersky noted that LazyLoad was also used by Andariel, a sub-group within the fellow North Korean hacking consortium Lazarus Group, which suggests a “tenuous” connection between Kimsuky and the more notorious hacking group.

