North Korean Hackers Launch New Malware to Target South Korean Crypto Firms

According to a May 9 report from cybersecurity firm Kaspersky, the Kimsuky hacking group has employed a new malware called Durian in targeted attacks against at least two South Korean crypto companies to date.

The attacks are described as persistent, meaning the hackers are attempting to gain long-term access.

They have achieved this by exploiting legitimate security software used specifically by South Korean crypto companies.

Durian acts as an installer and deploys a multi-pronged attack. It delivers a backdoor tool called AppleSeed and a custom proxy tool called LazyLoad, and even uses legitimate tools such as Chrome Remote Desktop.

Kaspersky researchers warn that Durian has a wide range of capabilities. These include executing attacker commands, downloading additional malicious files and stealing data from compromised systems.
