Experts say North Korea is spreading a virus-infected Mycelium wallet clone on Telegram

North Korean group Lazarus is spreading a virus-infected Mycelium Wallet clone on Telegram channels to compromise systems and steal crypto assets, security firms say. According to SBS and Bloomberg, the clone is called Somora.

But they say it's packed with Trojan-like software that bears the hallmarks of "malware previously used to target South Korean crypto traders and attributed to Pyongyang by the US government."

"Senior security vendors" have already "labeled the Somora files as malicious," Bloomberg noted.

Researchers at BAE Systems in the UK "sent private advice to their customers about the Somora app." US-based Mandiant is also preparing a warning.

The researchers claim that Somora is "modelled" after Mycelium and even reuses the latter's catchphrases, changing Mycelium's "Be wise among the 8%" to "Be wise among the 7%".

Security firms have linked the app to Lazarus, the hacking group that Western governments say masterminded the 2014 hack of Sony Pictures and the crippling WannaCry ransomware attacks in 2017.

"North Korea's Fake Crypto Apps" - New Campaign?

They claim that Somora is part of the same campaign led by Lazarus, in which the group also allegedly launched a fake clone of a HaasOnline cryptocurrency exchange called BloxHolder. According to the service providers, the application installation files are infected with the AppleJeus Trojan.

This trojan can collect information about computer addresses, computer names and operating system versions. Hackers can then use this information to compromise protected networks.

Somora is not listed in major app stores. However, security providers explained that the download links for the "crypto wallet" are sent to crypto holders and other individuals via Telegram.

The United States and South Korea have repeatedly claimed that North Korea has been actively stealing cryptographic data from individuals and businesses for several years.

According to Washington, about a third of the funds for North Korea's missile development program were collected by crypto hackers.
