Written by Tonya Riley
Apr 19, 2022 | CYBERSCOOP
North Korean state-backed hackers are phishing cryptocurrency company employees in order to gain access to systems that allow them to make fraudulent trades, according to an advisory Monday from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
The technique begins with a large number of email messages that offer a better job to the employees — a common technique for the North Korean hackers, who are commonly known as the Lazarus Group. The emails urge recipients to click on applications posing as cryptocurrency trading and price prediction tools. They’re actually malware that CISA, which issued the alert with the FBI and Treasury Department, calls “TraderTraitor.”
Once the payload is deployed, cybercriminals can execute commands and send additional malware allowing them to gain access to a victim’s computer and move across a company’s network. The goal is to steal private keys or exploit security gaps that allow for fraudulent blockchain transactions, CISA said.
The warning follows updated sanctions last week against the Lazarus Group for links to a recent $650 million hack of the Ronin network connecting the popular Axie Infinity video game with the Ethereum blockchain. The