- Lazarus Group created fake U.S. companies to target crypto developers.
- Malware was distributed through fake job offers, stealing wallet keys.
North Korean hackers associated with the notorious Lazarus Group are behind a highly sophisticated scheme to hack cryptocurrency developers. The group set up fake US-based companies to distribute malware in the hope of stealing sensitive data, such as crypto wallet credentials.
A recent investigation found that the hackers established three shell companies: BlockNovas LLC, SoftGlide LLC, and Angeloper Agency. Two of these, BlockNovas and SoftGlide, were legally registered using fake identities in New Mexico and New York respectively.
To carry out the operation, they posed as recruiters offering job opportunities to developers. The application process tricked victims into downloading malicious software; as a result, the victims’ systems were compromised and their cryptocurrency assets were exposed.
Malware Scheme Exploits Job Seekers
The hackers’ strategy was calculated and deceptive. The fake job offers they created targeted developers through professional networking platforms and looked legitimate. During the hiring process, applicants were asked to download a piece of software to fix an ‘error’ with recording an introductory video.
This “fix” was a malware trap. Once downloaded, the malicious software stole login credentials and crypto wallet keys that could be used to attack the cryptocurrency industry further.
Reports also confirm that at least one known victim had their MetaMask wallet compromised. The operation was disrupted by the FBI seizing the BlockNovas domain.
However, SoftGlide and other parts of the scheme’s infrastructure, such as domain names, remain active, so the risk persists.
The campaign began in 2024 and has already affected multiple victims. It is quite unusual for North Korean hackers to knowingly violate U.S. Treasury and UN sanctions by registering legal U.S. businesses in order to conduct cyberattacks.
Lazarus Group’s History of Crypto Attacks
The cryptocurrency industry has long been a target of the Lazarus Group. According to the FBI, the group has been accused of stealing over $3 billion in digital assets since 2017, including the high-profile $600 million Ronin Network hack in 2022.
In such incidents, their tactics often rely on social engineering, such as spear phishing and fake employment offers. In 2017, the WannaCry ransomware attack, which Europol has also attributed to the group, affected 200,000 systems across 150 countries.
The latest operation illustrates the ongoing threat from state-sponsored cyber actors. North Korea’s cyber efforts are acknowledged as some of the most advanced in the world, and the country uses these attacks to fund its regime, which is under international sanctions.
The use of fake U.S. companies adds a new layer of complexity to their schemes, making it harder for victims to realize they are being defrauded. Developers and companies in the crypto space are now urged to verify the legitimacy of job offers and to be careful about unsolicited software downloads.
The post North Korean Hackers Use Fake U.S. Firms to Target Crypto Developers appeared first on Live Bitcoin News.