
How North Korea’s Durian Malware Targets Crypto Exchanges

DailyCoin, 2024/05/14 14:55
By: DailyCoin
  • North Korea’s Durian malware targets South Korean crypto exchanges.
  • Utilizes a sophisticated multi-stage infection process.
  • Despite ongoing cybersecurity efforts, Durian still poses a threat. 

Crypto has long been a target of various hackers, and those sponsored by North Korea are among the most notorious. Once again, North Korean hackers have made headlines with their efforts to undermine crypto exchanges and steal funds.

Most recently, the Kimsuky group, a well-known entity associated with North Korea, has been actively deploying Durian malware to compromise South Korean crypto firms. 

North Korea’s Durian Malware Explained

According to a recent report by Kaspersky, a global cybersecurity firm, North Korea’s Kimsuky hacker group is deploying a new type of malware, specifically targeting South Korea’s crypto exchanges. While the exact deployment method is unclear, the firm has some insights into Durian’s operations.

Durian infiltrates systems by manipulating legitimate software. Specifically, it initially compromises systems via legitimate software updates. This disguises its malicious payload within trusted applications, bypassing initial security screenings.

Once inside the system, Durian installs itself and sets up mechanisms to ensure it remains active even after the system restarts. The malware then activates its backdoor functionality, allowing remote attackers to send commands and steal data. This enables attackers to extract sensitive information, including login credentials, which gives them access to funds. 

According to Kaspersky, Durian is often used alongside other malware and legitimate tools to maintain access and avoid detection. It uses data encryption and obfuscation to hide its communication with the attackers’ servers.

North Korean Hackers Steal Billions in Crypto

North Korean hackers, particularly from groups like Lazarus, have been highly active in cryptocurrency, stealing vast amounts through sophisticated cyberattacks. Over the years, they have siphoned off billions from crypto platforms by exploiting security vulnerabilities and employing advanced techniques like phishing, malware, and sophisticated laundering methods to obfuscate the trail of stolen assets.

In 2023 alone, North Korean-linked cyber groups stole approximately $1 billion in digital assets, targeting both decentralized and centralized financial platforms. They’ve employed various methods, such as compromising private keys, using crypto mixers, and targeting over-the-counter (OTC) brokers to launder the stolen funds. 

Despite the scale of the hacks committed by North Korean hackers, the overall value of the thefts has declined in recent years. Stolen funds have declined from $1.7 billion in 2022. 

On the Flipside

  • Hacks from state-sponsored actors have implications that go beyond crypto. For instance, North Korea allegedly uses the proceeds from crypto hacks for its military spending. 
  • The criminal activities of these hackers have spotlighted crypto mixers and other privacy-focused tools, including Railgun. However, the protocol claims any reports linking it to hackers are based on speculation. 

Why This Matters

The ongoing cyber activities of North Korean hacking groups underscore the persistent vulnerabilities within global financial and technological infrastructures. 

