North Korean Hackers Deploy ‘Durian’ Malware, Target Crypto Companies

North Korean hackers are using an “amazing” new malware variant dubbed “Durian” to attack South Korean crypto companies.

North Korean hacking group Kimsuki has used the new malware in a series of attacks against at least two cryptocurrency companies so far, according to a May 9 report by cybersecurity firm Kaspersky.

This was done in a “permanent” attack using legitimate security software only used by crypto companies in South Korea.

The previously unknown Durian malware acts as an installer that deploys a continuous stream of malware, including a backdoor known as “AppleSeed”, a custom proxy tool known as LazyLoad, and other legitimate tools such as Chrome Remote Desktop.

“Durian boasts comprehensive background functionality that enables the execution of sent commands, additional file downloads, and file scanning,” writes Kaspersky.

In addition, Kaspersky said LazyLoad was used by Andariel, a sub-group within the same North Korean hacking syndicate Lazarus Group – suggesting a “troublesome” relationship between Kimsuki and the well-known hacking group.

RELATED: North Korea's Lazarus Hacking Group Using LinkedIn to Target and Steal Assets: Report

In the year First appearing in 2009, Lazarus has established itself as one of the most famous groups of crypto hackers.

On April 29, independent blockchain sleuth ZackXBT successfully revealed that the Lazarus Group had siphoned more than $200 million in ill-gotten crypto between 2020 and 2023.

In general, the Lazar group He is accused of stealing more than $3 billion in crypto assets in the six years to 2023.

In the year Lazarus was credited with stealing more than 17 percent of the total amount stolen in 2023 — a little over $309 million. By 2023, more than $1.8 billion worth of crypto will be lost to hacking and exploitation, according to a December 28 report by Immunefi.

Magazine: Lazar Group's Favorite Exploit Revealed – Crypto Hacks Analysis