• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 19th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Cyber Crime
Phishing Scam

Lazarus Group is back, targeting Banks & Bitcoin users with phishing scam

February 15th, 2018 Waqas Cyber Crime, Phishing Scam 0 comments
Lazarus Group is back, targeting Banks & Bitcoin users with phishing scam
Share on FacebookShare on Twitter

The IT security researchers at McAfee have discovered that the Lazarus Group aka Hidden Cobra is back in action busy targeting global banking giants and unsuspecting Bitcoin users with a new sophisticated phishing campaign.

Who is Lazarus Group

If you are not familiar with who Lazarus Group are; they are a group of well-trained cybercriminals who according to some media reports, operates from North Korea. The group first came in the news back in 2009 and 2012 by targeting South Korean government institution with large-scale distributed denial-of-service attack (DDoS) attacks.

However, in October 2017, the group made a comeback by conducting malware attacks on Bitcoin exchanges and wallets right after the Bitcoin’s price set a new record. Now after a brief break, the group is not only back but also targeting high-profile targets including global banks as well as Bitcoin users.

Tricking targets with job recruitment scam

Dubbed “HaoBao” by researchers at McAfee Advanced Threat Research (ATR), Lazarus Group is utilizing phishing emails posing as a Hong Kong-based job recruitment firm looking to hire a Business Development Executive for a large multi-national bank. In reality, the emails sent by the group contain a Dropbox link with a malicious Microsoft Word file which once clicked, asks victims to enable content. Once that is done, the file infects the device with a malicious macro that scans for cryptocurrency wallets and establishes an implant for long-term data-gathering.

Lazarus Group is back, targeting Banks & Bitcoin users with phishing scam

Malicious Microsoft Word document

“Victims are persuaded to enable content through a notification claiming the document was created in an earlier version of Microsoft Word. The malicious documents then launch an implant on the victim’s system via a Visual Basic macro. The implant has the capability of gathering data from the victim’s system,” noted McAfee’s senior analyst Ryan Sherstobitoff.

This campaign is similar to the one the group conducted last year in which its targets were financial institutions, cryptocurrency exchanges, financial institutions, and defense contractors while the group aimed at stealing money and military secrets. At that time, the group sent emails to victims claiming that a European based cryptocurrency firm is hiring for the position of Chief Financial Officer (CFO).

Stealing and sending data to command and control [C&C] server

Furthermore, McAfee researchers noted that the implant steals data from the targeted computer and sends it to and sent it to command and control [C&C] server including computer name, currently logged on user’s name, list of all processes currently running on and presence of a specific registry key on the system.

“In this latest discovery by McAfee ATR, despite a short pause in similar operations, the Lazarus group targets cryptocurrency and financial organizations. Furthermore, we have observed an increased usage of limited data gathering modules to quickly identify targets for further attacks. This campaign is tailored to identifying those who are running Bitcoin-related software through specific system scans,” Sherstobitoff explained.”

Beware of phishing scams

Lazarus Group is out there for the money and its targets include large-scale banking giants to unsuspecting cryptocurrency investors looking to make money the right way and you can be one of their very next victims. Therefore, beware of growing and persistent phishing scams leading to malware infecting and stealing of your data.

Recently, FBI warned users that cybercriminals have been posing as officials from Internet Crime Complaint Center and sending emails to users about the crime they did not commit since the sole purpose of it is to infect their computers with malware to steal data. 

Moreover, a number of cryptocurrencies have lost millions of dollars lately due to highly sophisticated phishing campaigns indicating that it is time for users to look out for themselves, do not download/click attachments coming from an unknown email. Also, scan each and every file that you download on your anti-virus – anti-malware software or VirusTotal.

Image credit: DepositPhotos

  • Tags
  • Bitcoin
  • Cryptocurrency
  • hackers
  • hacking
  • internet
  • Lazarus
  • Malware
  • North Korea
  • Phishing
  • Scam
  • security
  • South Korea
Facebook Twitter LinkedIn Pinterest
Previous article School Principal Gets 9 Years in Prison for Trading Nude Pictures of Students
Next article Hackers use Google Ads to steal $50 million of Bitcoin
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
Online scams: How to give scammers a taste of their own medicine

Online scams: How to give scammers a taste of their own medicine

Infamous cybercrime, carding market Joker's Stash is shutting down

Infamous cybercrime, carding market Joker's Stash is shutting down

Facebook sues developer of data scraping extensions for Chrome

Facebook sues developer of data scraping extensions for Chrome

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Hackers compromised IObit forum to spread DeroHE ransomware
Hacking News

Hackers compromised IObit forum to spread DeroHE ransomware

52
X-rated social media app Fleek exposed explicit photos of users
Leaks

X-rated social media app Fleek exposed explicit photos of users

67
Top learning management system (LMS) software for small businesses
Technology News

Top learning management system (LMS) software for small businesses

584

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us