November 1, 2023 By TOM BLACKSTONE
Lazarus members posed as engineers and fooled exchange employees into downloading difficult-to-detect malware.
Lazarus Group used a new form of malware in an attempt to compromise a crypto exchange, according to an October 31 report from Elastic Security Labs.
Elastic has named the new malware “KANDYKORN” and the program that loads it into memory “SUGARLOAD,” as the loader file has a novel “.sld” extension in its name. Elastic did not name the exchange that was targeted.
Crypto exchanges have suffered a rash of private-key hacks in 2023, most of which have been traced to the North Korean cybercrime enterprise, Lazarus Group.
