Hackers Launch Bitcoin Stealing Malware
Kim Jong Un Hackers’ Fake Crypto App
The DeFi Cryptocurrency Wallet App is under heavy hacking attacks that have been tracked to North Korea. Cyber security analysts have traced the dark web hackers, who they believe are aligned with Kim Jong Un’s iron-fist regime.
The North Korean government’s hacking group has been busy trying to infiltrate the crypto wallet app, which investors use to store Bitcoin, Ethereum, and other digital currencies. It was recently discovered that a trojanized version of the DeFi Wallet was being heavily distributed by the Korean dark web hackers in an effort to access the cryptocurrency storage systems.
Fake Malware Backdoor
A successful infiltration of cryptocurrency investors’ wallets would have yielded assets worth billions of US dollars in cash value. The theft would have been a highly successful hacking campaign for Kim Jong Un’s isolated regime.
Investigation into the cryptocurrency hacking campaign highlights that the dark web hackers use web servers located across the border in South Korea. The threat actor relied heavily on distributing its malware through South Korea to conceal its location. However, through the communication port of the installed malware, the cyber analysts were able to track the group of hackers to North Korea.
Chrome Browser Bitcoin Scam
Reportedly, the trojanized DeFi Wallet still performs the legitimate app’s core function. However, it also contains a disguised backdoor that would go unnoticed by cryptocurrency users. Analysts warned that once it is downloaded with the help of the Chrome browser, it gives the North Korean hackers access to the crypto assets in the compromised cryptocurrency wallets.
The installed malware implants were discovered by the cyber security firm Kaspersky. Its researchers revealed that a disguised malicious duplicate of the DeFi Wallet app is in circulation. The fake variant was retrofitted with an executable backdoor bearing Google Chrome’s functionality.
The trojanized DeFi app was created in November 2021, with a fully functional backdoor ready to execute on the system. Additionally, cyber analysts theorized that phishing email scams, together with social media platforms, were the more likely distribution channel.
Phishing Emails Recruit Victims
The researchers described how the installed malware has “sufficient capabilities to control” its victims. Once it is on the host, it can delete files and execute Windows commands. It can also launch and delete files, and can even terminate critical processes. In addition, it can use the affected device’s metadata to enumerate files, and it gives the dark web hackers full control of a computer that connects to their IP addresses.
Kaspersky’s cyber security analysts warned that the hacked app also has a host of additional functions. It is equipped to collect the compromised system’s IP address, name, OS, and CPU architecture, as well as the type of drives and the available free space. It also supports commands that download files and communicates with a command-and-control (C2) server.
Above all, the malware’s capabilities make it possible to access cryptocurrency wallet files that are stored in private locations.
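The two behaviours the article attributes to the backdoor that are easiest to watch for on an endpoint are a wallet process executing Windows commands and a wallet process beaconing to a server that is not one of the app’s own endpoints. The script below is an added illustration of that detection logic and is not code from the article or from Kaspersky: the events are constructed in a Sysmon-like shape (EventID 1 process creation, EventID 3 network connection), and the process names, paths, addresses and the allowlisted network are placeholders, since the page gives none of these values.

```python
"""Detection logic for two backdoor behaviours described in the article:
a wallet process spawning a Windows command interpreter, and a wallet
process connecting to an address outside the app's expected endpoints.
All event records, names and addresses below are constructed placeholders
(not indicators from the Kaspersky report)."""
import ipaddress

# Assumed: substrings that identify the wallet binary; the real name is not on the page.
WALLET_IMAGE_HINTS = ("defi", "wallet")
# Command interpreters the backdoor could use to "execute Windows commands".
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
# Placeholder allowlist for the legitimate app's backend (TEST-NET-3, constructed).
EXPECTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample telemetry: one benign wallet launch, one suspicious child
# process, one expected and one unexpected outbound connection, one unrelated cmd.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Program Files\DeFiWallet\DeFiWallet.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "DeFiWallet.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\DeFiWallet\DeFiWallet.exe",
     "CommandLine": r"cmd.exe /c dir C:\Users\alice\AppData\Roaming"},
    {"EventID": 3, "Image": r"C:\Program Files\DeFiWallet\DeFiWallet.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Program Files\DeFiWallet\DeFiWallet.exe",
     "DestinationIp": "198.51.100.77", "DestinationPort": 8080},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "cmd.exe"},
]


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _is_wallet(image: str) -> bool:
    """True if the image name looks like the wallet application."""
    name = _basename(image)
    return any(hint in name for hint in WALLET_IMAGE_HINTS)


def _expected_destination(ip: str) -> bool:
    """True if the destination falls inside the app's allowlisted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in EXPECTED_NETS)


def analyse(events):
    """Return (rule_name, detail) tuples for every event that matches a rule."""
    findings = []
    for ev in events:
        if ev["EventID"] == 1:
            # Rule 1: the wallet process launched a command interpreter.
            if _is_wallet(ev.get("ParentImage", "")) and _basename(ev["Image"]) in INTERPRETERS:
                findings.append(("wallet_spawned_interpreter", ev.get("CommandLine", "")))
        elif ev["EventID"] == 3:
            # Rule 2: the wallet process connected somewhere it normally should not.
            if _is_wallet(ev["Image"]) and not _expected_destination(ev["DestinationIp"]):
                findings.append(("wallet_unexpected_c2",
                                 f"{ev['DestinationIp']}:{ev['DestinationPort']}"))
    return findings


if __name__ == "__main__":
    for rule, detail in analyse(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

Run against the constructed events, the script reports the `cmd.exe` child of the wallet process and the connection to `198.51.100.77:8080`, while the wallet’s launch from Explorer and its connection into the allowlisted range pass silently. In a real deployment the allowlist would be populated from the vendor’s documented endpoints, and a trojanized build that retains the legitimate app’s functions is exactly the case where the legitimate traffic and the backdoor’s beacon appear side by side under the same process name.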