Lazarus Group expands DreamJob campaign to Linux users

    ESET researchers recently uncovered a new malware campaign by the North Korean Lazarus Group, believed to be part of Operation DreamJob, this time targeting Linux users.

    The previous wave of Lazarus activity, targeting Windows computers, was recorded in March of this year: several companies were compromised after the attackers delivered a trojanized version of the 3CX client to steal information.

    Mandiant has published the final results of its investigation into the 3CX hack, once again linking the attack to North Korean actors. The report says that the 3CX development environment was compromised after an employee installed Trading Technologies software whose installer had been trojanized.

    Operation DreamJob, also known as Nukesped, is an ongoing campaign targeting people who work with DeFi software or platforms. Attacks begin with fake job offers sent via LinkedIn and other communication platforms.

    Through social engineering, the attackers trick victims into downloading malicious files disguised as documents describing the job offer; in reality, these files only deliver malware to the target computer.

    In the case discovered by ESET, Lazarus distributed a ZIP archive with a clickbait title about a job offer at a particular organization. The archive was delivered via spear phishing or direct messages on LinkedIn. Hidden inside the archive was a Linux binary written in Go. According to the researchers, the attackers tampered with the binary's filename to make it look like a PDF.

    “Interestingly, the file extension is not actually ".pdf". This is because the visible dot in the filename is a single-dot dotted line, represented by the Unicode character U+2024. The use of a single dot dash in the filename was probably an attempt to trick the file manager into treating the file as an executable and not a PDF. This may cause the file to be launched when double-clicked instead of opening it in a PDF viewer,” explains ESET.

    In other words, when the recipient double-clicks the file expecting to open a normal PDF document, the malware known as "OdicLoader" is launched instead, while a decoy PDF is displayed on top. In the background, the next-stage payload is downloaded from the attacker's repository hosted on the OpenDrive cloud service.

    The second-stage payload is a C++ backdoor called "SimplexTea". After analyzing this backdoor, ESET determined that it is very similar in functionality, encryption methods and hard-coded infrastructure to other Lazarus malware: "BadCall" (for Windows) and a macOS variant called "Simple Sea".
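    As an added defender-side example (not code from ESET or from this article), the check below flags filenames whose visible extension depends on a dot look-alike such as U+2024, as in the lure described above. Only U+2024 comes from the report; the other confusable code points, the document-extension list and the sample filenames are assumptions.

```python
import unicodedata

# Code points that render like an ASCII period and can fake a file extension.
# U+2024 (ONE DOT LEADER) is the one ESET reported; the rest are assumed
# additional look-alikes worth flagging in mail-gateway or EDR filename checks.
DOT_CONFUSABLES = {
    "\u2024": "ONE DOT LEADER",
    "\u2027": "HYPHENATION POINT",
    "\uff0e": "FULLWIDTH FULL STOP",
    "\u3002": "IDEOGRAPHIC FULL STOP",
}

# Extensions a lure would want the victim to believe in (assumed list).
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "txt", "xls", "xlsx"}


def real_extension(filename: str) -> str:
    """Extension as a file manager sees it: text after the last ASCII '.' only."""
    _, sep, ext = filename.rpartition(".")
    return ext.lower() if sep else ""


def apparent_extension(filename: str) -> str:
    """Extension a human sees: treat dot look-alikes as real dots, then split."""
    folded = filename
    for ch in DOT_CONFUSABLES:
        folded = folded.replace(ch, ".")
    return real_extension(folded)


def check_filename(filename: str) -> dict:
    """Report whether a filename fakes a document extension via a dot look-alike."""
    found = [f"U+{ord(ch):04X} {name}" for ch, name in DOT_CONFUSABLES.items()
             if ch in filename]
    real = real_extension(filename)
    apparent = apparent_extension(filename)
    # Spoofed: a look-alike is present, the eye reads a document extension,
    # but the OS sees a different (or no) extension, so a double-click executes.
    spoofed = bool(found) and apparent in DOCUMENT_EXTENSIONS and real != apparent
    return {"filename": filename, "confusables": found, "real_ext": real,
            "apparent_ext": apparent, "spoofed": spoofed}


if __name__ == "__main__":
    # Constructed sample names: one lure-style name, one benign name.
    for name in ("Job_Offer\u2024pdf", "Job_Offer.pdf"):
        r = check_filename(name)
        print(unicodedata.normalize("NFKC", name), r["spoofed"], r["confusables"])
```

    Folding with NFKC (shown in the usage block) also maps U+2024 to an ASCII period, so a normalizing gateway would reveal the same mismatch.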

    Lazarus' move to Linux malware illustrates the group's continually evolving strategy, which now covers all major operating systems.

    Operation DreamJob has already brought the Lazarus attackers major successes, including the theft of $620 million from Axie Infinity. The FBI has also confirmed that Lazarus is behind the $100 million cryptocurrency theft from the Harmony Bridge platform.

    The recent Lazarus attack on the 3CX supply chain marks another resounding success for the North Korean cybercriminals who are terrifying the global cyber community.

    Author DeepWeb