North Korean hackers are utilizing a “striking” new malware variant dubbed “Durian” to reportedly launch attacks on South Korean crypto firms.
The North Korean hacking group Kimsuky has been using a new malware called Durian in a series of targeted attacks against at least two cryptocurrency firms, according to a May 9th threat report from cybersecurity firm Kaspersky. This attack was carried out by exploiting legitimate security software used exclusively by crypto firms in South Korea.
Durian acts as an installer that deploys a continuous stream of malware, including a backdoor known as "AppleSeed", a custom proxy tool known as LazyLoad, and other legitimate tools such as Chrome Remote Desktop. According to Kaspersky, Durian boasts comprehensive backdoor functionality, allowing the execution of delivered commands, additional file downloads, and the exfiltration of files. Additionally, Kaspersky notes that LazyLoad was also used by another sub-group within the North Korean hacking consortium Lazarus Group, suggesting a tenuous connection between Kimsuky and the more notorious hacking group.