TL;DR
- In a blog post released this week, Elastic Security Labs said Lazarus allegedly impersonated blockchain engineers on Discord and convinced their “friends” to download a crypto arbitrage bot.
- It turned out that the file contained malicious code that connected to a Google Drive account, which began downloading sensitive content (such as passwords) from the developers’ files.
- Seems easier than it should be, right?
Full story
Ever seen an unbelievable magic show?
You are asked to choose a card from a deck without showing the magician and place it back into the deck, which is shuffled many times, only for the top card to turn out to be your card?
At first you think, ‘Wow, that couldn’t have been possible. This must be real magic.’
Then you find out that it’s just a ‘trick deck’ and every card in the deck is the same…
That’s pretty much how we feel about the “magic trick” that cybersecurity firm Elastic Security Labs just identified as being used by North Korean cybercrime group Lazarus to carry out multiple hacks on crypto exchanges.
In a blog post released this week, Elastic Security Labs said Lazarus allegedly impersonated blockchain engineers on Discord and convinced their “friends” to download a crypto arbitrage bot.
It turned out that the file contained malicious code that connected to a Google Drive account, which began downloading sensitive content (such as passwords) from the developers’ files.
Sensitive content → access to crypto.
Seems easier than it should be, right?