APT-C-26 (Lazarus) continues to upgrade its attack weapons, using Electron programs to target the cryptocurrency industry

Jan. 22, 2025, 9:46 a.m.

Description

The APT-C-26 (Lazarus) group has been observed using Electron-packaged malicious programs disguised as cryptocurrency trading tools to target individuals in the cryptocurrency industry. The attack involves a multi-stage process, including the use of poisoned open-source projects, obfuscated malicious code, and various downloaders to steal sensitive information and cryptocurrency wallet data. The group demonstrates sophisticated techniques, including strong code obfuscation and multi-platform attack capabilities. The malware performs functions such as host monitoring, file theft, and browser data exfiltration. The analysis reveals similarities with previous Lazarus campaigns, including the use of Python and JavaScript-based tools, as well as consistent C&C server patterns.

Date

  • Created: Jan. 22, 2025, 9:10 a.m.
  • Published: Jan. 22, 2025, 9:10 a.m.
  • Modified: Jan. 22, 2025, 9:46 a.m.

Attack Patterns

Additional Information

  • Technology
  • Finance