
News Feed - 2023-11-02 06:11:00

Lazarus used ‘Kandykorn’ malware in attempt to compromise exchange — Elastic

By Tom Blackstone

Lazarus members posed as engineers and fooled exchange employees into downloading difficult-to-detect malware.

Lazarus Group used a new form of malware in an attempt to compromise a crypto exchange, according to an Oct. 31 report from Elastic Security Labs.


Elastic has named the new malware “Kandykorn” and the loader program that loads it into memory “Sugarload,” as the loader file has a novel “.sld” extension in its name. Elastic did not name the exchange that was targeted.


Crypto exchanges have suffered a rash of private-key hacks in 2023, most of which have been traced to the North Korean cybercrime enterprise Lazarus Group.

Figure: Kandykorn infection process. Source: Elastic Security Labs


According to Elastic, the attack began when Lazarus members posed as blockchain engineers and targeted engineers from the unnamed crypto exchange. The attackers made contact on Discord, claiming they had designed a profitable arbitrage bot that could profit from discrepancies between the prices of cryptocurrencies on different exchanges.


The attackers convinced the engineers to download this “bot.” The files in the program’s ZIP folder had disguised names like “config.py” and “pricetable.py” that made it appear to be an arbitrage bot.


Once the engineers ran the program, it executed a “Main.py” file that ran some ordinary programs as well as a malicious file called “Watcher.py.” Watcher.py established a connection to a remote Google Drive account and began downloading content from it to another file named testSpeed.py. The malicious program then ran testSpeed.py a single time before deleting it in order to cover its tracks.


During the single-time execution of testSpeed.py, the program downloaded more content and eventually executed a file that Elastic calls “Sugarloader.” This file was obfuscated using a “binary packer,” Elastic stated, allowing it to bypass most malware detection programs. However, they were able to discover it by forcing the program to stop after its initialization functions had been called, then snapshotting the process’ virtual memory.
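The staging described in the two paragraphs above (a script is written to disk, run exactly once, then deleted to cover its tracks) leaves a recognisable trace in endpoint telemetry. The following is an added example, not code from Elastic's report or from the malware, showing how a defender might flag that create-execute-delete pattern. The event lines, the pipe-separated format, the timestamps and the file paths are all constructed for illustration; real EDR or macOS unified-log data would need its own parser.

```python
"""Flag scripts that are created, executed once, and deleted within a short window.

Added example. The event format below is constructed for this demo and is
not Elastic's telemetry or any real product's log schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: "<ISO timestamp>|<event>|<path>|<actor>".
# The first block mimics the staging the article describes: a helper script
# is written, run a single time by the interpreter, and removed seconds later.
# The second block is ordinary developer activity that should not be flagged.
SAMPLE_EVENTS = """\
2023-04-12T10:00:01|file_create|/Users/dev/bot/config.py|python3
2023-04-12T10:00:05|process_exec|/Users/dev/bot/Main.py|python3
2023-04-12T10:00:09|file_create|/Users/dev/bot/testSpeed.py|python3
2023-04-12T10:00:10|process_exec|/Users/dev/bot/testSpeed.py|python3
2023-04-12T10:00:14|file_delete|/Users/dev/bot/testSpeed.py|python3
2023-04-12T11:30:00|file_create|/Users/dev/notes/scratch.py|vim
2023-04-12T11:35:00|process_exec|/Users/dev/notes/scratch.py|python3
2023-04-13T09:00:00|file_delete|/Users/dev/notes/scratch.py|rm
"""


def parse_events(text):
    """Parse the constructed format into (timestamp, kind, path, actor) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, kind, path, actor = line.split("|", 3)
        events.append((datetime.fromisoformat(ts), kind, path, actor))
    events.sort(key=lambda ev: ev[0])
    return events


def find_transient_scripts(events, window=timedelta(seconds=60), extensions=(".py",)):
    """Return (path, created, executed, deleted) for every script file that was
    created, executed exactly once, and deleted, all within `window`.

    The single-execution requirement and the short window are what separate
    the staging pattern from a developer editing and running a script over
    the course of a day.
    """
    by_path = defaultdict(list)
    for ev in events:
        if ev[2].endswith(extensions):
            by_path[ev[2]].append(ev)

    hits = []
    for path, evs in by_path.items():
        creates = [ev[0] for ev in evs if ev[1] == "file_create"]
        execs = [ev[0] for ev in evs if ev[1] == "process_exec"]
        deletes = [ev[0] for ev in evs if ev[1] == "file_delete"]
        if not (creates and execs and deletes):
            continue  # needs all three stages to match the pattern
        created, deleted = creates[0], deletes[-1]
        if (
            len(execs) == 1
            and created <= execs[0] <= deleted
            and deleted - created <= window
        ):
            hits.append((path, created, execs[0], deleted))
    return hits


if __name__ == "__main__":
    for path, created, executed, deleted in find_transient_scripts(parse_events(SAMPLE_EVENTS)):
        lifetime = (deleted - created).total_seconds()
        print(f"transient script {path}: created {created}, run {executed}, deleted {deleted} ({lifetime:.0f}s)")
```

Running the script on the constructed sample flags only testSpeed.py; config.py is never executed or deleted, Main.py is only executed, and scratch.py lives for a day and so falls outside the window. In practice the window and the set of interpreter extensions would be tuned to the environment, and a hit would be correlated with the parent process and any outbound connection it made, which is where the Google Drive download in the article would surface.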


Elastic said that it also ran Sugarloader through VirusTotal's malware scanners, which declared the file not malicious.




Once Sugarloader was downloaded onto the computer, it connected to a remote server and downloaded Kandykorn directly into the device’s memory. Kandykorn contains numerous functions that can be used by the remote server to perform various malicious activities. For example, the command “0xD3” can be used to list the contents of a directory on the victim’s computer, and “resp_file_down” can be used to transfer any of the victim’s files to the attacker’s computer.


Elastic believes that the attack occurred in April 2023. It claims that the program is probably still being used to perform attacks today, stating: “This threat is still active and the tools and techniques are being continuously developed.”


Centralized crypto exchanges and apps suffered a rash of attacks in 2023. Alphapo, CoinsPaid, Atomic Wallet, Coinex, Stake and others have been victims of these attacks, most of which seem to have involved the attacker stealing a private key from the victim’s device and using it to transfer customers’ cryptocurrency to the attacker’s address. 


The United States Federal Bureau of Investigation has accused the Lazarus Group of being behind the Coinex hack, as well as performing the Stake attack and others.
