North Korean hackers deploy ‘Durian’ malware, targeting crypto firms
The state-backed North Korean hacking group Kimsuky reportedly used a new malware variant to target at least two South Korean crypto firms.
North Korean hackers are reportedly utilizing a “striking” new malware variant dubbed “Durian” to launch attacks on South Korean crypto firms.
The North Korean hacking group Kimsuky used the new malware in a series of targeted attacks on at least two cryptocurrency firms so far, according to a May 9 threat report from cybersecurity firm Kaspersky.
The group carried this out through a “persistent” attack that exploited legitimate security software used exclusively by crypto firms in South Korea.
The previously unknown Durian malware acts as an installer that deploys a continued stream of malware, including a backdoor known as “AppleSeed” and a custom proxy tool known as LazyLoad, as well as legitimate tools such as Chrome Remote Desktop.
“Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads, and exfiltration of files,” wrote Kaspersky.
Additionally, Kaspersky noted that LazyLoad was also used by Andariel, a sub-group within fellow North Korean hacking consortium Lazarus Group — suggesting a “tenuous” connection between Kimsuky and the more notorious hacking group.
First emerging in 2009, Lazarus has established itself as one of the most notorious groups of crypto hackers.
On April 29, independent blockchain sleuth ZachXBT revealed that the Lazarus group had successfully laundered over $200 million in ill-gotten crypto between 2020 and 2023.
The Lazarus Group is accused of stealing over $3 billion in crypto assets in the six years leading up to 2023.
Lazarus was credited with stealing over 17% — a little over $309 million — of the total stolen funds in 2023. Throughout 2023, more than $1.8 billion worth of crypto was lost to hacks and exploits, according to a Dec. 28 report by Immunefi.