An affiliate of Lazarus affiliated with the DPRK has developed malware to steal cryptocurrencies and personal data from users of the Telegram messenger, found out in Kaspersky Lab.
One of the new attack vectors in the company was called the spread of malware through the channels of fake cryptocurrency companies in Telegram. These files are executed directly from the Telegram folder.
Kaspersky Lab has already detected infections in Poland, the Russian Federation, China and the UK.
Representatives of the group also updated malware for MacOS and Widnows. Now they quietly bypass all security mechanisms.
Recall that in March last year, Kaspersky Lab reported that Lazarus developed new attack vectors on bitcoin exchanges.
According to Group-IB, in 2017-2018, hackers from Lazarus hacked five crypto exchanges, including the Japanese Coincheck.