Posted 2 years ago | by Ben Armstrong
Malware-laden Bogus Crypto Site Unioncrypto may be Product of North Korean Hacking Group
Dinesh Devadoss, a malware researcher, discovered the malicious code on Unioncrypto, which is believed to have been created by Lazarus, the infamous North Korean hacking group. This is according to a Wednesday report by Bleeping Computer.
According to the report, the site had no live download links. In addition, the site claimed to offer a “smart cryptocurrency arbitrage trading platform.” The software was found on a website with the address “unioncrypto.vip.”
Forensic analysis of the variant is harder because it is able to pull a payload from a remote location and run it in memory. This is a major concern to researchers.
Unioncrypto may be a Scam
When the Bleeping Computer report was published, only five virus detection engines raised an alert, which means that very few engines were able to detect the malware.
It could be that the malware was found before the hackers were able to complete the trap they were trying to set, which might have been aimed at crypto holders. This is because no payload is present even though the remote server is active and, in addition, the package has no certificate.
Patrick Wardle, another malware researcher, said that there are clear similarities between this malware and another malware variant that was found in October, which was also hidden on a fake crypto trading site. It was recently linked to the notorious Lazarus group.
In September, the U.S. sanctioned three North Korean entities for cyber crimes, citing cryptocurrency thefts as one of the reasons behind the move. Lazarus, Andariel and Bluenoroff were identified by the U.S. Department of Treasury as entities that are believed to be responsible for the theft of $571 million worth of cryptocurrency from Asian exchanges in 2017 and 2018.
Big Profits for Bad Actors
It is difficult to find exact figures for how much hackers make on an annual basis, but some figures put it in the billions of USD. States like North Korea are often accused of running crypto hacks to boost their state coffers, among many other questionable activities.
Unfortunately, when a state-controlled hacking group works to commit crimes, there is little that can be done to address the problem, other than working to make exchanges as safe as possible. North Korea has a dubious human rights record, and also has been accused of numerous international crimes.