North Korean hackers have deployed a new malware called "Durian" to target at least two South Korean crypto companies, according to a threat report from cybersecurity firm Kaspersky.
Striking and persistent malware
The Durian malware is described as "striking" and "persistent", as it can exploit legitimate security software used exclusively by South Korean crypto companies. It acts as an installer that deploys a steady stream of malware, including a backdoor called "AppleSeed", a custom proxy tool called "LazyLoad" and other legitimate tools such as Chrome Remote Desktop.
Malware features
The Durian malware offers full backdoor functionality, enabling command execution, additional file downloads and file exfiltration. According to Kaspersky, LazyLoad was also used by Andariel, a subgroup of the North Korean hacker group Lazarus Group, suggesting a tenuous connection between Kimsuky and the more notorious hacker group.
The implications for crypto security
The implications for crypto security are serious, as this malware can enable hackers to steal funds and compromise data confidentiality. Crypto companies must take steps to protect their systems against this type of malware. It is essential that crypto companies strengthen their security measures, implementing robust protocols such as Durian.
Outlook for the future
The outlook for the future is worrying, as North Korean hackers continue to develop new malware to target crypto companies. Crypto companies must remain vigilant and take steps to protect their systems against these threats.
