North Korean hackers are reportedly using a striking new malware variant called "Durian" to launch an attack on crypto companies in South Korea.

The North Korean hacker group Kimsuky used this new malware in a series of targeted attacks on at least two crypto companies, according to a threat report published by cybersecurity firm Kaspersky on May 9.

The campaign was carried out through "persistent" attacks that exploited legitimate security software used exclusively by crypto companies in South Korea.

The previously unknown Durian malware serves as an installer that deploys a continuous stream of further malware, including a backdoor known as "AppleSeed" and a custom proxy tool known as LazyLoad, as well as legitimate tools such as Chrome Remote Desktop.

"Durian has a comprehensive backdoor function, enabling execution of transmitted commands, downloading additional files, and exfiltration of files," Kaspersky wrote.

In addition, Kaspersky noted that LazyLoad was also used by Andariel, a sub-group of North Korea's hacker consortium Lazarus Group, which points to a "weak" relationship between Kimsuky and the better-known hacker group.

Having first appeared in 2009, Lazarus has established itself as one of the most famous crypto hacker groups.

On April 29, independent blockchain investigator ZachXBT revealed that the Lazarus group managed to launder more than $200 million in cryptocurrencies obtained illegally between 2020 and 2023.

The Lazarus group is accused of stealing more than $3 billion in crypto assets in the six years to 2023.

Lazarus was credited with stealing more than 17% of the $309 million worth of the total stolen funds by 2023. Throughout 2023, more than $1.8 billion in cryptocurrencies was lost to hacks and exploits, according to Immunefi's report on December 28.

