
Crypto Firms on the Radar of North Korean Hackers with Their ‘Durian’ Malware

By John Wise

May 28, 2024

The state-associated North Korean cyber unit known as Kimsuky is said to have recently attacked at least two Bitcoin businesses in South Korea, allegedly revealing a new variant of malware in the process.

This most recent maneuver highlights the group's continued attempts to exploit vulnerabilities in the digital currency sector for potential financial gain.

North Korean Hackers Target South Korean Crypto Firms with ‘Durian’ Malware

A recent report from the cybersecurity company Kaspersky says that North Korean hackers are attacking South Korean cryptocurrency firms with a powerful new type of malware called “Durian.”

At least two of these companies have been hit by attacks that are thought to be from the well-known hacking group Kimsuky. As part of its plan, Kimsuky maintains persistence and uses legitimate security software that is used only by crypto businesses in South Korea.

This strategy shows how skilled the group is at taking advantage of weaknesses in the cryptocurrency business. The group’s use of Durian is a big step up in their arsenal and shows they are still a threat to the digital asset environment.

Durian Malware’s Advanced Backdoor Capabilities

Kaspersky’s research shows that the newly found Durian malware works as an installer that continuously deploys different malicious tools. Two of these are “AppleSeed,” a known backdoor, and “LazyLoad,” a custom proxy tool.

In addition, Durian uses otherwise harmless software, like Chrome Remote Desktop, to further its unlawful goals. Durian has a strong backdoor that lets attackers run commands, download more files, and stealthily exfiltrate private data.

This multi-purpose functionality shows how complex the malware is and how sophisticated the threat actors’ methods are, which makes it very hard for cybersecurity defenses to keep up.

Impact on Crypto Landscape

The fact that Kimsuky and the infamous Lazarus Group both use the LazyLoad tool suggests a possible link between the two groups, according to Kaspersky. Lazarus is a well-known North Korean hacking group that has become notorious since its formation in 2009, especially for the crypto-related attacks it has carried out.

ZachXBT, a blockchain analyst, recently said that Lazarus may have laundered over $200 million in Bitcoin from 2020 to 2023. Lazarus is said to have stolen more than $3 billion in crypto assets over the six years before 2023.

Lazarus is said to have made off with more than 17 percent of all the stolen money in 2023, which is about $309 million. This shows how large an effect the group has had on the crypto environment.


John Wise is a fintech analyst and writer with over a decade of experience and a Master’s in Computer Science from MIT. At FinTech Service Reviews, he simplifies complex financial tech, offering clear, insightful reviews to help readers stay informed.
