The Lazarus Group has left a trail of crypto hacks throughout 2023, stealing millions of dollars. So far, its targets have been Atomic Wallet, Stake.com, Alphapo, CoinEx, and CoinsPaid.
Now, in a shocking revelation, Elastic Security Labs has disclosed new malicious software from the Lazarus Group known as ‘Kandykorn.’ This advanced malware has left experts confused by its complexity and execution.
According to Elastic, the attackers posed as blockchain engineers. They targeted other engineers from an unnamed crypto exchange on a public Discord server.
They claimed to have designed a profitable arbitrage bot that could exploit price differences between cryptocurrencies on different exchanges. The engineers were convinced to download this “bot,” which was disguised as an arbitrage tool with files like “config.py” and “pricetable.py.”
The ‘Kandykorn’ attack chain
Elastic Security Labs delves into the intricate attack chain of ‘Kandykorn.’ This malware deploys a meticulously orchestrated five-stage process to remain undetected, showcasing its formidable capabilities. It begins with a Python script, ‘watcher.py,’ initiating a connection to a remote Google Drive account, leading to the download of concealed payloads.
The discovery of the ‘Kandykorn’ malware highlights the evolving landscape of cyber threats and the pressing need for robust security measures in the cryptocurrency space. As the Lazarus Group continues to evolve and expand its activities, the cryptocurrency community must remain vigilant.
Lazarus Group is a massive crypto whale
The latest reports reveal that the group has become a whale of TRON (TRX) through illicit means. According to security firm PeckShield, the group has collected over 137 million TRX, equivalent to approximately $11.63 million. This represents 0.154% of the total TRON supply. TRON has a total market capitalization of $7.5 billion with a total supply of 89 billion TRX tokens.