North Korean Hackers Using Telegram to Hack Cryptocurrencies

By Benson Toti
Updated 21 March 2023

North Korean hackers are still targeting cryptocurrency users. Research from an online security firm suggests that they are now using the Telegram messaging app to reach their victims.

What They Found Out

The report comes from the Kaspersky Lab team. The Moscow-based company examined how the hackers operate by investigating the latest attacks carried out by the Lazarus Group, which has been linked to North Korea.

The aim was to see how the group has improved its capabilities since the AppleJeus attacks on crypto exchanges in 2018. In that campaign the attackers distributed a trojanised version of the open-source trading application QtBitcoinTrader.

The results confirmed that the cybercriminals have made “significant changes” to their methodology. One of the examples the researchers discovered was malware disguised as a software update for a crypto wallet.

Kaspersky also cited a macOS backdoor that was installed alongside a seemingly legitimate application. It gave the hackers a way past the device’s defences without the system flagging anything out of the ordinary.

UnionCryptoTrader is a modified version of the malware used in the original campaign, while MarkMakingBot is new and targets Macs. WFCUpdater is the name of another malicious file found on infected machines.

Where Does Telegram Come Into It?

The study revealed that the alleged North Korean hackers use Telegram to deliver malware. Some of the victims had installed tampered software on their computers that had the malware embedded in it.

It is the UnionCryptoTrader malware that appears to have spread via Telegram. The hacking team also appears to run a fake group on the messaging app.

Once installed, the malware can transmit personal data to the hackers without the owner’s knowledge. In a number of cases the attackers used fake cryptocurrency channels to lure users into downloading it.

The victims uncovered include people in the UK, China, Poland and Russia. Many of them had links to cryptocurrency businesses.

Who Are Lazarus?

There is still an air of mystery around Lazarus. One reason the group has avoided detection for so long is that it runs its malware in memory rather than writing it to the hard disk, which leaves fewer traces for antivirus tools and forensic analysis to find. The North Korean authorities have denied any link to Lazarus and are said to be planning their own cryptocurrency.

The Lazarus hackers were added to the US sanctions list last year, meaning that anyone dealing with them risks being sanctioned themselves. We have recently seen the case of American Ethereum developer Virgil Griffith, who faces up to 20 years in jail for giving a presentation in North Korea.

Estimates of how much cryptocurrency the group has stolen run as high as $600 million for 2017 and 2018 combined. The Kaspersky team expects the North Korean hackers to carry on stealing digital money and their attacks to “become more sophisticated”.