
Lazarus infiltrated Asian crypto exchanges, the trail leads to North Korea


According to security researchers from Kaspersky Lab, the hacker group Lazarus has almost pulled off a new coup. They built inconspicuous malicious software into a specially developed client for trading cryptocurrencies. The cyber criminals spared no cost or effort. They were after the traders and the takeover of the wallets of infiltrated crypto exchanges.

The attack, which Kaspersky Lab has named “AppleJeus”, directly targets traders and online trading platforms for cryptocurrencies. The members of Lazarus infiltrated the infrastructure of an unidentified crypto exchange in the Asian region. For this purpose, Lazarus created a fully functional trading program for Windows and Mac OS X. A version for Linux distributions was also planned, as Kaspersky gathered from the manufacturer's company website. The front company Celas LLC appears to have been founded by the Lazarus members for the sole purpose of disguising the true nature of their trading program. The security researchers found abnormalities in the domain registration and in the web host, which has quite often been used in connection with Lazarus.

Lazarus: Own front company founded for the Trojan?

The client for Mac OS X was even provided with a valid certificate from Apple. Otherwise, for security reasons, the employees of the crypto exchange would have had to reconfigure their Macs in order to install programs from unverified developers. The download of the trading software was recommended by e-mail. The client “Celas Trade Pro” works in conjunction with various crypto exchanges, namely Bitfinex, Bitstamp, Bitmarket, BTC China, Indacoin, OKCoin, WEX and YObit. The cyber criminals had equipped their software with sufficient programming interfaces and numerous functions.

When the network's detection software at the crypto exchange raised an alert, the malicious code was found in the updater of the trading client. Lazarus used the backdoor loader Fallchill, which had already been used earlier.

Crypto exchanges & traders are worth it

According to Kaspersky, the website of Celas LLC showed no abnormalities when viewed from the outside. The pages are, however, currently not accessible. They appeared trustworthy to the security specialists. What is very striking is the time and effort invested by the criminals. Most malicious software is programmed only for Windows, the most widely used operating system. Trojans that are deployed cross-platform are therefore a real exception. Founding a front company to achieve their own goals, creating a reputable-looking site and a functioning program testifies to a high workload. However, a look at the target of the operation explains this.


In addition, the case shows that users of a Linux distribution or Mac OS X can never feel completely safe. The owners of a wallet or a credit card have too much to lose. For anyone interested in the background: a detailed technical analysis by Qihoo 360 is available.

Strikingly, the suspected attackers had built in a header that allows for the acceptance of the North Korean language. This is a clue that feeds the suspicion that the attack from North Korea was run from African soil. Given the background of the Lazarus group, this is a very controversial detail.


Lazarus is accused of the attacks on several South Korean crypto exchanges, such as Bithumb, YouBit and Coinlink. The group is also known under the name “Hidden Cobra”. The first attacks that could be clearly attributed to it took place in 2009. In 2014, the group demonstrated its sophisticated attack scenarios in the hack of Sony Pictures.
