North Korea Running ‘Trojan-infested Fake Crypto Exchange,’ Say Experts

cryptonews.com:

A security firm says North Korean hackers created a bogus crypto exchange that infects users’ internet-connected devices with malware – which allows them to access sensitive networks so they can steal cryptoassets.

The claims were made by the security provider Volexity, and backed by the likes of Malwarebytes.

In a blog post, Volexity claimed that the notorious Lazarus hacking group – thought to be based in Pyongyang – had masterminded the plan. It said Lazarus launched the fake exchange in June this year.

Named BloxHolder, the alleged crypto trading platform promotes its operations thusly:

“Use our trusted crypto trading bots to automate crypto trading strategies on over 20+ exchanges with our privacy focused on-prem trade automation solutions.”

But Volexity claimed that BloxHolder was a clone of the bona fide trading platform HaasOnline. It produced examples of near-identical webpages and word-for-word-identical text from the two sites as evidence.

Volexity claimed that BloxHolder users are prompted to accept an Microsoft installer file that has been modified to contain a variant of the AppleJeus trojan.

Security experts say that AppleJeus, first identified by Kaspersky Labs in 2018, harvests information about the systems it infects. It is able to collect details on computer addresses, computer names, and OS versions. This initial access step later allows hackers to steal cryptoassets.

Cryptonews.com discovered that virus-blocking software such as MacAfee, Avast and the South Korean Ahn Labs all flag the website as a “trojan-infested” or “risky” website.

Volexity added that it had “identified several other Microsoft Installer files with cryptocurrency themes that are linked to this campaign.”

The report’s authors warned:

“The