The North Korean hacker organization Lazarus Group has intensified its cyber attacks on the cryptocurrency market in September 2024 by introducing new malware strains targeting browser extensions and video conferencing applications, according to a recent report by cybersecurity firm Group-IB.
The #Lazarus Group shows no signs of easing with their campaign targeting #jobseekers extending to the present day. Group-IB researchers found new updates to their tools and tactics – a new suite of Python scripts – #CivetQ, a #Windows and #Python version of #BeaverTail
The report details how the group expanded its focus to include these platforms, using increasingly sophisticated malware variants.
In addition to the ‘Contagious Interview’ campaign, which tricked job seekers into downloading malware disguised as job-related tasks, the Lazarus Group has now broadened its attacks to include fake video conferencing apps.
The scheme now includes a fake video conferencing app called “FCCCall,” which mimics legitimate software.
Once installed, the app deploys the BeaverTail malware. This malware is designed to exfiltrate credentials from browsers and data from cryptocurrency wallets via browser extensions.
It then installs a Python-based backdoor, dubbed “InvisibleFerret,” further compromising the victim’s system.
This latest campaign highlights their increasing focus on crypto wallet browser extensions, specifically targeting MetaMask, Coinbase, BNB Chain Wallet, TON Wallet, and Exodus Web3.
Analysts at Group-IB