Experts Warn of a Trojan-Infected, Bogus Crypto Exchange Being Run from North Korea

North Korean hackers have created a fake crypto exchange to steal users’ crypto assets. They are doing this by infecting users’ Internet-connected devices with the help of malware.

Korean hackers are doing more than just infecting users’ devices with malware through fake exchanges. They are also gaining access to crypto assets and sensitive information.

Experts Indicate the Involvement of North Korean Hackers

Experts fear that North Korean hackers may steal users’ crypto assets after gaining access to their Internet devices.

The claim has been made by Volexity, a security provider backed by the virus-blocking software Malwarebytes.

Volexity has further claimed that the Pyongyang-based infamous Lazarus Hacking Group is behind all of it.

According to a blog post by the security provider, Lazarus Hacking Group started the exchange in the middle of the current year. They launched the exchange to steal users’ crypto assets.

However, according to Volexity’s research, BloxHolder, which is a trading platform, was copied by HaasOnline with the aim of cheating customers.

Volexity further provided evidence in its blog post: identical text and web pages showing that BloxHolder cloned HaasOnline.

HaasOnline Used to Plant a Trojan

Volexity has revealed that BloxHolder asks users to install a Microsoft “installer file” that is pre-modified to include variants of the AppleJeus Trojan.

AppleJeus is able to infect systems and transfer information about them. It is capable of collecting details such as computer names, computer addresses, and OS versions.

This early access makes crypto assets easier for hackers to steal. Kaspersky Labs, a leading antivirus software vendor, first identified AppleJeus in 2018.

Red Flag from Major Virus Blocking Software

The BloxHolder website is reportedly being red-flagged as dangerous by various virus-blocking software.

The anti-virus software flagging the website includes Avast, McAfee, and South Korea's AhnLab.

Volexity claims that as part of the campaign, the hackers used several other cryptocurrency-themed Microsoft installer files in order to rob users.

The author’s report warns that cryptocurrency users need to beware of the North Korean hacking group Lazarus.

The author added that Lazarus Group would accelerate its efforts to target cryptocurrency users and further refine its strategies.

Lazarus Keeps Changing its Strategies

Volexity also stated that it had not noticed changes in the Lazarus Group’s strategy to modify Microsoft Office documents through AppleJeus variants.

According to the investigation carried out by the SBS of South Korea, North Korea’s intelligence agency is allegedly behind the actions of the hacking group Lazarus.

SBS added that the Lazarus Group reports all of its activities to the General Bureau, which acts as an intelligence agency for North Korea.

Last month, a prominent academic urged the South Korean government to block North Korea from targeting crypto firms located south of the DMZ.

The academic asked that cryptocurrency firms be protected from cyber-attacks by the Lazarus Group.