
News Feed - 2023-10-02 12:10:57

Crypto firms beware: Lazarus’ new malware can now bypass detection

Brayden Lindrea, 5 hours ago

The malware payload “LightlessCan” — used in fake job scams — is far more challenging to detect than its predecessor, warn cybersecurity researchers at ESET.

North Korean hacking collective, the Lazarus Group, has been using a new type of “sophisticated” malware as part of its fake employment scams, which researchers warn is far more challenging to detect than its predecessor.


According to a Sept. 29 post from ESET’s senior malware researcher Peter Kálnai, while analyzing a recent fake job attack against a Spain-based aerospace firm, ESET researchers discovered a publicly undocumented backdoor named LightlessCan.

ESET (@ESET), September 29, 2023: #ESET researchers unveiled their findings about an attack by the North Korea-linked #APT group #Lazarus that took aim at an aerospace company in Spain. ▶️ Find out more in a #WeekinSecurity video with @TonyAtESET. pic.twitter.com/M94J200VQx


The Lazarus Group’s fake job scam typically involves tricking victims with a potential offer of employment at a well-known firm. The attackers entice victims to download a malicious payload masquerading as documents, which can then do all sorts of damage.


However, Kálnai says the new LightlessCan payload is a “significant advancement” compared with its predecessor, BlindingCan.


“LightlessCan mimics the functionalities of a wide range of native Windows commands, enabling discreet execution within the RAT itself instead of noisy console executions,” Kálnai said.


“This approach offers a significant advantage in terms of stealthiness, both in evading real-time monitoring solutions like EDRs, and postmortem digital forensic tools,” he added.

ESET (@ESET), September 29, 2023: Beware of fake LinkedIn recruiters! Find out how Lazarus group exploited a Spanish aerospace company via trojanized coding challenge. Dive into the details of their cyberespionage campaign in our latest #WeLiveSecurity article. #ESET #ProgressProtected


The new payload also uses what the researcher calls “execution guardrails,” ensuring that the payload can only be decrypted on the intended victim’s machine, thereby avoiding unintended decryption by security researchers.


Kálnai said one case involving the new malware came from an attack on a Spanish aerospace firm when an employee received a message from a fake Meta recruiter named Steve Dawson in 2022.


Soon after, the hackers sent over two simple coding challenges embedded with the malware.

[Image: The initial contact by the attacker impersonating a recruiter from Meta. Source: WeLiveSecurity.]


Cyberespionage was the primary motivation behind Lazarus Group’s attack on the Spain-based aerospace firm, he added.




Since 2016, North Korean hackers have stolen an estimated $3.5 billion from cryptocurrency projects, according to a Sept. 14 report by blockchain forensics firm Chainalysis.


In September 2022, cybersecurity firm SentinelOne warned of a fake job scam on LinkedIn, offering potential victims a job at Crypto.com as part of a campaign dubbed “Operation Dream Job.”


Meanwhile, the United Nations has been trying to curtail North Korea’s cybercrime tactics at the international level, as it is understood North Korea is using the stolen funds to support its nuclear missile program.

