A joint report by CISA, the FBI and the U.S. Treasury Department has warned organizations in the crypto and blockchain industry about a new threat posed by the North Korean hacking group Lazarus.
Security agencies found that hackers using trojanized cryptocurrency applications are targeting organizations in these industries.
To carry out the attack, the hackers use social engineering to trick employees of cryptocurrency companies into downloading and running malicious Windows and macOS cryptocurrency apps.
The trojanized tools are then used to carry out various malicious activities, including accessing the target’s computers, spreading malware on their networks, and stealing private keys that allow fraudulent blockchain transactions to be initiated.
Users are tricked into downloading the TraderTraitor Trojan applications. This is an electronic-based, cross-platform utility developed with JavaScript and the Node.js runtime environment.
TraderTraitor cryptocurrency apps used in these campaigns include DAFOM, TokenAIS, CryptoAIS, AlticGO, Esilet and CreAI Deck.