Blockchain security technology providers Volexity and Malwarebytes have reported that they have observed North Korean hackers, likely belonging to the Lazarus group, to create the BloxHolder exchange, a clone of the HaasOnline trading platform.
As evidence, security specialists presented examples of the design of almost identical web pages and texts proving the identity of the two sites.
Security experts are warning traders and crypto asset holders that users of the fake exchange BloxHolder are being asked to accept an installation file that contains a variant of the AppleJeus Trojan.
The AppleJeus Trojan can collect information about computer addresses and names, OS versions, and access passwords. This is the initial stage of collecting critical information for subsequent unauthorized access to users’ computers and theft of crypto assets.
Volexity added that it “has not previously noted the use of Microsoft documents to deploy variants of the AppleJeus Trojan,” which could mean “a change in Lazarus’ criminal tactics.”
Bloomberg and blockchain security researchers Mandiant said in August that North Korean government-sponsored hackers were paying more attention to a new method of stealing funds from the digital currency market. Members of the Lazarus Group pose as IT professionals and steal users’ LinkedIn resumes in the hope of gaining insider information and creating backdoors that allow these platforms to be used later to steal funds.
Source: Bits
I am an experienced journalist, writer, and editor with a passion for finance and business news. I have been working in the journalism field for over 6 years, covering a variety of topics from finance to technology. As an author at World Stock Market, I specialize in finance business-related topics.
