North Korean Scammers Copycat Trading Bots to Steal Crypto
Dec. 6, 2022

Lazarus Group, a North Korean hacking gang, is targeting crypto holders with a new scam campaign that impersonates trading bots to steal crypto assets.


IT security firm Volexity has found a new scheme that delivers a variant of the AppleJeus malware by way of malicious Microsoft Office documents.

The scammers have already created a copycat of a cryptocurrency automated trading bot website, with malware bundled as part of a Microsoft Installation (MSI) file.

Figure 1. The legitimate website (left) and the clone (right)

The malicious copy of the legitimate website distributes the crypto trading application QTBitcoinTrader alongside AppleJeus. Analysts say the same legitimate application has previously been used by the Lazarus Group.

Although the scale of the campaign remains unclear, Volexity believes that the new scheme with an updated version of AppleJeus has been active since at least June 2022.
