
Lazarus Group is back, targeting Banks & Bitcoin users with phishing scam

February 15th, 2018 | Waqas | Cyber Crime, Phishing Scam

IT security researchers at McAfee have discovered that the Lazarus Group, aka Hidden Cobra, is back in action, targeting global banking giants and unsuspecting Bitcoin users with a new sophisticated phishing campaign.

Who is Lazarus Group

For those not familiar with Lazarus Group: it is a group of well-trained cybercriminals who, according to some media reports, operate from North Korea. The group first made the news in 2009 and 2012 by targeting South Korean government institutions with large-scale distributed denial-of-service (DDoS) attacks.

However, in October 2017, the group made a comeback by conducting malware attacks on Bitcoin exchanges and wallets right after Bitcoin’s price set a new record. Now, after a brief break, the group is not only back but also going after high-profile targets, including global banks as well as Bitcoin users.

Tricking targets with job recruitment scam

In the campaign, dubbed “HaoBao” by researchers at McAfee Advanced Threat Research (ATR), Lazarus Group is using phishing emails that pose as a Hong Kong-based job recruitment firm looking to hire a Business Development Executive for a large multi-national bank. In reality, the emails sent by the group contain a Dropbox link to a malicious Microsoft Word file which, once clicked, asks victims to enable content. Once that is done, the file infects the device with a malicious macro that scans for cryptocurrency wallets and establishes an implant for long-term data-gathering.


Malicious Microsoft Word document

“Victims are persuaded to enable content through a notification claiming the document was created in an earlier version of Microsoft Word. The malicious documents then launch an implant on the victim’s system via a Visual Basic macro. The implant has the capability of gathering data from the victim’s system,” noted McAfee’s senior analyst Ryan Sherstobitoff.

This campaign is similar to the one the group conducted last year, in which its targets were financial institutions, cryptocurrency exchanges, and defense contractors, and the group aimed at stealing money and military secrets. At that time, the group sent emails to victims claiming that a European-based cryptocurrency firm was hiring for the position of Chief Financial Officer (CFO).

Stealing and sending data to command and control [C&C] server

Furthermore, McAfee researchers noted that the implant steals data from the targeted computer and sends it to a command and control [C&C] server, including the computer name, the currently logged-on user’s name, a list of all processes currently running, and the presence of a specific registry key on the system.

“In this latest discovery by McAfee ATR, despite a short pause in similar operations, the Lazarus group targets cryptocurrency and financial organizations. Furthermore, we have observed an increased usage of limited data gathering modules to quickly identify targets for further attacks. This campaign is tailored to identifying those who are running Bitcoin-related software through specific system scans,” Sherstobitoff explained.

Beware of phishing scams

Lazarus Group is out for money, and its targets range from large banking giants to unsuspecting cryptocurrency investors looking to make money the right way; you could be one of its next victims. Therefore, beware of growing and persistent phishing scams that lead to malware infections and the theft of your data.

Recently, the FBI warned users that cybercriminals have been posing as officials from the Internet Crime Complaint Center and sending emails to users about crimes they did not commit; the sole purpose of these emails is to infect their computers with malware to steal data.

Moreover, a number of cryptocurrencies have lost millions of dollars lately due to highly sophisticated phishing campaigns, indicating that it is time for users to look out for themselves: do not download or click attachments coming from an unknown email. Also, scan each and every file that you download with your anti-virus or anti-malware software or on VirusTotal.

Image credit: DepositPhotos


Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and the tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in Milan, Italy.
