New Malware "Durian" Targets South Korean Crypto Firms, Linked to North Korean Hacking Group

Kaspersky's latest threat intelligence report unveils the use of a new malware variant named "Durian" by the North Korean hacking group Kimsuky, targeting South Korean cryptocurrency firms.


The report states that Durian is specifically designed to breach security software used by South Korean crypto entities, and that at least two victims have been confirmed. These incidents, in August and November 2023, point to a highly focused targeting strategy by the attackers.


Durian acts as an initial-stage installer: it drops additional malware and sets up persistence on the targeted systems. When run, it deploys a stage loader that is registered with the operating system so that it is launched automatically. The final stage is a payload written in Go (Golang), an open-source language widely used for networked tooling and large codebases.


Once the final payload is running, it gives the operators remote command execution, letting them download files to, and exfiltrate files from, the compromised devices. Notably, Kaspersky's findings suggest a possible connection between Kimsuky and the Lazarus Group, because the LazyLoad tool used by Durian has previously been associated with Lazarus.


Lazarus Group, known for its crypto hacking activity since 2009, has been implicated in laundering over $200 million in illicit crypto between 2020 and 2023. The group is accused of stealing over $3 billion in crypto assets in the preceding six years, underscoring the severity of the threat.



CryptoTelegraphs - The Latest Cryptocurrency News Insights.