Crypto wallets Archives - CISO MAG | Cyber Security Magazine
Beyond Cyber Security
Tue, 20 Jul 2021 05:25:00 +0000

In Action: Lazarus Group Develops New AppleJeus Malware for Cryptocurrency Theft
https://staging-cisomagcom.kinsta.cloud/in-action-lazarus-group-develops-new-applejeus-malware-for-cryptocurrency-theft/
Wed, 24 Feb 2021 08:46:42 +0000

Federal agencies are warning about potential cyber threats posed by the infamous North Korean hacking group Lazarus. In a joint advisory, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Department of Treasury (DoT) revealed that the Lazarus hacking group is using different kinds of AppleJeus malware to target cryptocurrency exchanges and crypto-wallets.

The agencies stated that the Group developed seven fake cryptocurrency trading applications carrying AppleJeus malware variants to steal cryptocurrency. The seven malicious apps are Celas Trade Pro, JMT Trading, Union Crypto, Kupay Wallet, CoinGoTrade, Dorusio, and Ants2Whale. The Group used these malicious apps to bypass international sanctions imposed on the North Korean government and targeted individuals, cryptocurrency exchanges, and financial service companies across 30 countries last year.

Active since 2018, the Lazarus group leveraged multiple cyberthreat vectors like phishing, social networking, and social engineering attacks to trick unwitting users into downloading the malware.

Lazarus’ Timeline of Attacks

The Lazarus hacking group was involved in multiple cyber-espionage and cyber-sabotage campaigns earlier.

  • December 2019: Researchers discovered a malware dubbed “Fileless” distributed by the Lazarus group.
  • 2018: Kaspersky uncovered the AppleJeus malicious operation by Lazarus Group to intrude on cryptocurrency exchanges and applications.
  • 2017: The malicious activities of the group include the creation of malware used in the WannaCry 2.0 global ransomware attack.
  • 2016: Theft of $81 million from Bangladesh Bank.
  • 2014: Attack on Sony Pictures Entertainment and numerous other intrusions on the entertainment, financial services, defense, technology, virtual currency industries, academia, and electric utilities.

How to Defend Against AppleJeus Malware

The federal agencies urged organizations to report any AppleJeus malware they identify within their networks. They also recommended certain security measures for cryptocurrency users and organizations to combat AppleJeus malware. These include:

  • Verify the source of cryptocurrency-related applications.
  • Use multiple wallets for key storage, striking the appropriate risk balance between hot and cold storage.
  • Use custodial accounts with multi-factor authentication mechanisms for both user and device verification.
  • Patronize cryptocurrency service businesses that offer indemnity protections for lost or stolen cryptocurrency.
  • Consider having a dedicated device for cryptocurrency management.

The post In Action: Lazarus Group Develops New AppleJeus Malware for Cryptocurrency Theft appeared first on CISO MAG | Cyber Security Magazine.

U.K’s Crypto Exchange EXMO Halted Operations After DDoS Attack
https://staging-cisomagcom.kinsta.cloud/how-u-ks-crypto-exchange-exmo-halted-operations-after-ddos-attack/
Wed, 17 Feb 2021 08:45:13 +0000

The high net worth of cryptocurrencies attracts both investors and cybercriminals. As a result, numerous hacks and heists have been reported on cryptocurrency exchanges. EXMO, a popular cryptocurrency exchange in the U.K., recently suffered a Distributed Denial-of-Service (DDoS) attack that took the platform’s servers offline.

How did it happen?

EXMO claimed that threat actors targeted the exchange, which has $75 million in trading volume, by overloading the system with unwanted traffic from multiple malicious servers. The incident affected the servers of the exchange, which are now temporarily unavailable. The volume on the exchange platform has fallen 4.9% after the attack.

The attack comes two months after EXMO reported that unknown attackers stole $10.5 million in Bitcoin, Ether, Bitcoin Cash, Tether, and Zcash cryptocurrencies.

DDoS Attacks Turn Weaponized

In DDoS attacks, cybercriminals make a targeted system or service unavailable to its users by flooding it with unwanted incoming traffic from different sources. They leverage various compromised computer systems and connected devices, such as IoT devices, as sources of attack traffic.

Several industry experts stressed that DDoS attacks have evolved into weaponized instruments used to disseminate ransomware, as well as to launch disruptive attacks against their targets.

Recently, the New Zealand stock exchange NZX Ltd. went offline for three days in a row due to a series of successive cyberattacks. In a security alert, the bourse operator said that initially it had been hit by a DDoS attack on August 25, 2020, from offshore, via its network service provider. The attack impacted the exchange’s network connectivity systems, including NZX websites and the markets announcement platform.

The post U.K’s Crypto Exchange EXMO Halted Operations After DDoS Attack appeared first on CISO MAG | Cyber Security Magazine.

Threat Actors Targeting Crypto Wallets with ElectroRAT Malware Campaign
https://staging-cisomagcom.kinsta.cloud/threat-actors-targeting-crypto-wallets-with-electrorat-malware-campaign/
Thu, 07 Jan 2021 09:22:35 +0000

Security researchers from Intezer discovered a wide-ranging marketing campaign targeting cryptocurrency holders to pilfer their private keys and compromise their crypto wallets. Threat actors used maliciously crafted cryptocurrency-related apps, domain registrations, Trojanized applications, fake social media accounts, and a new Remote Access Tool (RAT) dubbed ElectroRAT. While the researchers discovered the ElectroRAT operation in December 2020, it is suspected that the operation may have been initiated in January 2020. 

What’s ElectroRAT? 

ElectroRAT is a new kind of malware with cross-platform functionality written in Golang (an open-source programming language) and designed to target multiple operating systems, including macOS, Linux, and Windows. “It is rather common to see various information stealers trying to collect private keys to access victims’ wallets. However, it is rare to see tools written from scratch and used to target multiple operating systems for these purposes,” Intezer’s researchers said.

How ElectroRAT Works

ElectroRAT operators have created three different Trojanized applications, Jamm, eTrade, and DaoPoke, and hosted them on websites built especially for this campaign. The malicious applications were advertised on cryptocurrency and blockchain-related platforms like Bitcointalk and SteemCoinPan. The ElectroRAT threat actor group tricked cryptocurrency traders into downloading their malicious apps by promoting them in fake online forums and social media platforms. It is estimated that ElectroRAT has infected thousands of victims so far.

“The promotional posts, published by fake users, tempted readers to browse the applications’ web pages, where they could download the application without knowing they were actually installing malware,” Intezer’s researchers added.

ElectroRAT Defense Mechanism

Intezer recommended certain preventive measures for users who suspect they are victims of the ElectroRAT malware operation. These include:

  • Kill the process and delete all files related to the malware.
  • Make sure your machine is clean and running 100% trusted code.
  • Move your funds to a new wallet.
  • Change all your passwords.

The post Threat Actors Targeting Crypto Wallets with ElectroRAT Malware Campaign appeared first on CISO MAG | Cyber Security Magazine.

How to Safeguard Your Cryptocurrency Wallet from Digital Exploits
https://staging-cisomagcom.kinsta.cloud/cryptocurrency-wallet-security/
Mon, 17 Aug 2020 08:08:46 +0000

Recently, the largest cryptocurrency, Bitcoin, rose to more than $12,000 in trading value, which is its highest level since August 2019. The price swings of cryptocurrencies are erratic, attracting both investors and cybercriminals. Since its inception in 2009, there have been numerous hacks and heists reported on cryptocurrency exchanges and crypto wallets. According to the “2019 Cryptocurrency Anti-Money Laundering (AML)” report from blockchain security firm CipherTrace, cryptocurrency crimes across the world hit over $4.3 billion in 2019. Cybercriminals robbed over $125 million in Ethereum, Bitcoin, and other digital currencies from different cryptocurrency exchanges in 2019.

By Rudra Srinivas, Feature Writer, CISO MAG

The threat to your digital currencies is mainly through cryptocurrency wallets (digital wallets) or exchange providers. A crypto wallet does not store your digital coins, but it holds a private key, which allows you to trade cryptocurrency online. This private key is your digital identity to the cryptocurrency market and anyone who gets hold of this can perform fraudulent transactions or steal your crypto coins. Cybercriminals use sophisticated techniques to compromise digital wallets and steal/transfer crypto assets without the user’s knowledge. Securing your wallet is essential when it comes to protecting your digital currency against cyberattacks.

Here are some of the ways to secure your cryptocurrency:   

1. Use a Cold Wallet

Unlike hot wallets, cold wallets do not connect to the internet; therefore, they are not prone to cyberattacks. Storing your private keys in a cold wallet, also known as a hardware wallet, is the most viable option as these come encrypted, keeping your keys secure.

In 2019, the Japanese exchange BITpoint discovered an unauthorized withdrawal of $32 million from its hot wallet in different cryptocurrencies targeting more than 50,000 users. The exchange held five cryptocurrencies in its hot wallet: Bitcoin, Bitcoin Cash, Ethereum, Litecoin, and Ripple. However, BITpoint clarified that its cold wallet and cash holdings were not affected in the incident.

2. Use Secure Internet

While trading or making crypto transactions, use only a secure internet connection and avoid public Wi-Fi networks. Even when accessing your home network, use a VPN for additional security. A VPN changes your IP address and location, keeping your browsing activity safe and private from threat actors.

3. Maintain Multiple Wallets

Since there is no limit on wallet creation, you can diversify your cryptocurrency investments across multiple wallets. Use one wallet for your daily transactions and keep the rest in a separate wallet. This will protect your portfolio and limit the loss from any breach of your crypto account.

4. Secure Your Personal Device

Make sure your personal device is up to date with the latest virus definitions to defend against newly discovered vulnerabilities. Use a strong anti-virus and firewall to improve your device’s security and prevent hackers from taking advantage of a weakness by writing code to target the vulnerability.

5. Change Your Password Regularly

We cannot underrate the importance of a strong password while talking about security. According to a study, three-quarters of millennials in the U.S. use the same password on more than 10 devices, apps, and other social media accounts. It also stated that most of them were using the same password in over 50 different places. Make sure you have a strong and complex password, which is difficult to guess, and change it on a regular basis. Use separate passwords if you have multiple wallets. Opt for two-factor authentication (2FA) or multi-factor authentication (MFA) for additional security.

6. Don’t Get Phished

Phishing scams via malicious ads and emails are rampant in the cryptocurrency world. Be careful while making crypto transactions and avoid any suspicious and unknown links.

In a recent cryptocurrency heist, a hacking group “CryptoCore” targeted cryptocurrency exchanges via spear-phishing campaigns. Attackers stole cryptocurrency worth $200 million in two years, targeting companies in the U.S. and Japan since 2018. ClearSky stated that CryptoCore initiated a reconnaissance phase to identify the email accounts of the cryptocurrency exchange’s employees and security executives before conducting a spear-phishing attack. These attacks were performed using fake domains impersonating affiliated organizations and employees, and by embedding malicious links in documents via emails.

Wrap Up   

The cryptocurrency industry is constantly evolving, and it is your sole responsibility to protect your digital funds by securing your wallet with essential safety precautions. Update yourself with the latest security news, attack techniques, and prevention strategies.

About the Author

Rudra Srinivas is a Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.

The post How to Safeguard Your Cryptocurrency Wallet from Digital Exploits appeared first on CISO MAG | Cyber Security Magazine.
