
News Feed - 2023-11-02 06:11:00

Tom Blackstone

Lazarus used ‘Kandykorn’ malware in attempt to compromise exchange — Elastic

Lazarus members posed as engineers and fooled exchange employees into downloading difficult-to-detect malware.

Lazarus Group used a new form of malware in an attempt to compromise a crypto exchange, according to an Oct. 31 report from Elastic Security Labs.


Elastic has named the new malware “Kandykorn” and the loader program that loads it into memory “Sugarloader,” as the loader file has a novel “.sld” extension in its name. Elastic did not name the exchange that was targeted.


Crypto exchanges have suffered a rash of private-key hacks in 2023, most of which have been traced to the North Korean cybercrime enterprise Lazarus Group.

Kandykorn infection process. Source: Elastic Security Labs


According to Elastic, the attack began when Lazarus members posed as blockchain engineers and targeted engineers from the unnamed crypto exchange. The attackers made contact on Discord, claiming they had designed a profitable arbitrage bot that could profit from discrepancies between the prices of cryptocurrencies on different exchanges.


The attackers convinced the engineers to download this “bot.” The files in the program’s ZIP folder had disguised names like “config.py” and “pricetable.py” that made it appear to be an arbitrage bot.


Once the engineers ran the program, it executed a “Main.py” file that ran some ordinary programs as well as a malicious file called “Watcher.py.” Watcher.py established a connection to a remote Google Drive account and began downloading content from it to another file named testSpeed.py. The malicious program then ran testSpeed.py a single time before deleting it in order to cover its tracks.


During the single execution of testSpeed.py, the program downloaded more content and eventually executed a file that Elastic calls “Sugarloader.” This file was obfuscated using a “binary packer,” Elastic stated, allowing it to bypass most malware detection programs. However, Elastic’s researchers were able to analyze it by forcing the program to stop after its initialization functions had been called, then snapshotting the process’s virtual memory.
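The chain described above leaves a recognizable footprint in endpoint telemetry: a script file is written to disk, run a single time, and deleted seconds later, and a loader file with the unusual “.sld” extension appears. The following is an added example of how a defender could correlate such events; it is not Elastic’s detection code, the event format and sample events are constructed for illustration, and the 60-second window is an assumption to be tuned per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

Event = Tuple[str, str, str, str]  # (ISO timestamp, event kind, process, file path)

# Constructed sample endpoint telemetry, not real data from the incident.
# It mimics the chain in the article: a script is written, executed once,
# then deleted, and a loader file with the ".sld" extension appears.
SAMPLE_EVENTS: List[Event] = [
    ("2023-04-10T09:00:01", "file_create", "python3", "/Users/dev/bot/testSpeed.py"),
    ("2023-04-10T09:00:03", "process_exec", "python3", "/Users/dev/bot/testSpeed.py"),
    ("2023-04-10T09:00:07", "file_delete", "python3", "/Users/dev/bot/testSpeed.py"),
    ("2023-04-10T09:00:09", "file_create", "python3", "/Users/dev/bot/.sugarloader.sld"),
    # Benign control: a report script written in the morning, run hours later, never deleted.
    ("2023-04-10T09:05:00", "file_create", "python3", "/Users/dev/bot/report.py"),
    ("2023-04-10T11:30:00", "process_exec", "python3", "/Users/dev/bot/report.py"),
]


def _timeline(events: List[Event]) -> Dict[str, List[Tuple[datetime, str]]]:
    """Group events per file path and sort each group by time."""
    by_path: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, kind, _proc, path in events:
        by_path[path].append((datetime.fromisoformat(ts), kind))
    for seq in by_path.values():
        seq.sort(key=lambda e: e[0])
    return by_path


def find_transient_scripts(events: List[Event], window_seconds: int = 60) -> List[str]:
    """Return paths that were created, executed and deleted within one window.

    The window length is an assumption chosen for this example. Ordinary
    scripts are rarely deleted seconds after they first run, which is what
    makes the create -> execute -> delete sequence worth alerting on.
    """
    window = timedelta(seconds=window_seconds)
    hits: List[str] = []
    for path, seq in _timeline(events).items():
        for created, kind in seq:
            if kind != "file_create":
                continue
            deadline = created + window
            executed = next((t for t, k in seq
                             if k == "process_exec" and created <= t <= deadline), None)
            if executed is None:
                continue
            deleted = next((t for t, k in seq
                            if k == "file_delete" and executed <= t <= deadline), None)
            if deleted is not None:
                hits.append(path)
                break  # one hit per path is enough
    return hits


def find_loader_extension(events: List[Event], extension: str = ".sld") -> List[str]:
    """Return newly created files carrying the loader extension named in the report."""
    return sorted({path for _ts, kind, _proc, path in events
                   if kind == "file_create" and path.lower().endswith(extension)})


def analyze(events: List[Event]) -> Dict[str, List[str]]:
    """Run both checks and return the alerts keyed by rule name."""
    return {
        "transient_script": find_transient_scripts(events),
        "loader_extension": find_loader_extension(events),
    }


if __name__ == "__main__":
    for rule, paths in analyze(SAMPLE_EVENTS).items():
        for p in paths:
            print(f"ALERT {rule}: {p}")
```

On the sample events the transient-script rule fires only for testSpeed.py, the benign report.py is left alone because hours pass between its creation and execution and it is never deleted, and the extension rule flags the .sld file. Because Kandykorn itself is loaded straight into memory, file-based rules like these catch only the loader stage; that is why Elastic’s memory-snapshot approach, rather than file scanning, was what exposed the packed Sugarloader.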


Elastic also submitted Sugarloader to VirusTotal, and the scanner declared that the file was not malicious.




Once Sugarloader was downloaded onto the computer, it connected to a remote server and downloaded Kandykorn directly into the device’s memory. Kandykorn contains numerous functions that can be used by the remote server to perform various malicious activities. For example, the command “0xD3” can be used to list the contents of a directory on the victim’s computer, and “resp_file_down” can be used to transfer any of the victim’s files to the attacker’s computer.


Elastic believes that the attack occurred in April 2023. It claims that the program is probably still being used to perform attacks today, stating: “This threat is still active and the tools and techniques are being continuously developed.”


Centralized crypto exchanges and apps suffered a rash of attacks in 2023. Alphapo, CoinsPaid, Atomic Wallet, Coinex, Stake and others have been victims of these attacks, most of which seem to have involved the attacker stealing a private key from the victim’s device and using it to transfer customers’ cryptocurrency to the attacker’s address. 


The United States Federal Bureau of Investigation has accused the Lazarus Group of being behind the Coinex hack, as well as performing the Stake attack and others.
