The Lazarus Group has deployed new malware in a recent attack on a major crypto exchange. Dubbed “Kandykorn”, the malware was used to gain remote access to the crypto exchange’s web database.
According to reports, the malware is a Remote Access Trojan (RAT) designed to give attackers full control of the targeted system. Once installed, the malware can steal data and execute arbitrary code.
It is not yet known which exchange was targeted in the attack, but it is believed that the Lazarus Group was responsible. The group is known for its links to North Korean state actors, and is believed to have orchestrated previous attacks against financial institutions, crypto exchanges, and other high-profile targets.
Security researchers are still analyzing Kandykorn and have not yet fully determined its capabilities. However, it is believed to be highly sophisticated malware that is particularly difficult to detect and remove.
Given the increasing prevalence of crypto attacks, it is important that crypto exchanges take the necessary steps to protect themselves. This includes regularly running security scans, monitoring for suspicious activity, and ensuring that all their systems are up to date. It is also important to keep all employee devices secure and protected from malicious actors. Failure to do so can lead to disastrous consequences for those affected.