North Korean hackers are intensifying their cyber warfare with a new malware variant known as "Durian," which has been targeting South Korean cryptocurrency firms. The notorious hacking group Kimsuky has deployed this malware in recent attacks, according to a May 9 report from cybersecurity experts at Kaspersky.

Kaspersky's threat report reveals that Durian is part of a persistent attack strategy exploiting legitimate security software exclusive to South Korean crypto firms. This advanced malware acts as an installer, continuously deploying other malicious software, including a backdoor named "AppleSeed," a custom proxy tool called "LazyLoad," and legitimate tools such as Chrome Remote Desktop.

"Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads, and exfiltration of files," stated Kaspersky.
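The behaviour described above, an installer that stages several payloads and then drops a legitimate remote-access tool, is something defenders can look for in process-creation telemetry without knowing the malware's hashes. The script below is an added example for this article, not code from Kaspersky's report; the log format, the process names used as Chrome Remote Desktop markers, the allowlisted hosts and the sample log lines are all constructed assumptions to be adapted to your own EDR or Sysmon fields.

```python
"""Flag installer-style staging and unexpected remote-access tooling
in process-creation logs.

Assumptions for this example: events are pipe-separated lines of
ts|host|user|parent_image|image|cmdline, and Chrome Remote Desktop is
recognised by the substrings below (verify against your own telemetry)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Substrings that indicate a remote-access tool being installed or run.
# Constructed for illustration; confirm names in your environment.
REMOTE_ACCESS_MARKERS = ("remoting_host", "chromeremotedesktop")

# Hosts where a remote-access tool is expected (e.g. IT helpdesk machines).
ALLOWED_REMOTE_ACCESS_HOSTS = {"it-helpdesk-01"}

# Constructed sample log: one workstation shows an installer spawning a
# backdoor, a proxy helper and a remote-desktop MSI in quick succession.
SAMPLE_LOG = """
2024-05-09T10:00:01|trader-pc-07|alice|explorer.exe|securityupdate.exe|securityupdate.exe /silent
2024-05-09T10:00:05|trader-pc-07|alice|securityupdate.exe|svc_backdoor.exe|svc_backdoor.exe --install
2024-05-09T10:00:09|trader-pc-07|alice|securityupdate.exe|proxyhelper.exe|proxyhelper.exe -l 8080
2024-05-09T10:00:30|trader-pc-07|alice|securityupdate.exe|msiexec.exe|msiexec.exe /i chromeremotedesktophost.msi /qn
2024-05-09T10:01:02|trader-pc-07|SYSTEM|services.exe|remoting_host.exe|remoting_host.exe --type=host
2024-05-09T11:00:00|it-helpdesk-01|bob|services.exe|remoting_host.exe|remoting_host.exe --type=host
2024-05-09T11:05:00|build-srv-02|ci|bash.exe|git.exe|git pull
"""


def parse_event(line):
    """Split one log line into a dict; cmdline may itself contain '|'."""
    ts, host, user, parent, image, cmdline = line.split("|", 5)
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
            "parent": parent, "image": image, "cmdline": cmdline}


EVENTS = [parse_event(l) for l in SAMPLE_LOG.strip().splitlines()]


def find_unexpected_remote_access(events, allowed_hosts):
    """Return (host, image) pairs where a remote-access marker appears on a
    host that is not allowlisted for such tooling."""
    hits = set()
    for e in events:
        text = (e["image"] + " " + e["cmdline"]).lower()
        if any(m in text for m in REMOTE_ACCESS_MARKERS) and e["host"] not in allowed_hosts:
            hits.add((e["host"], e["image"]))
    return sorted(hits)


def find_staging_parents(events, min_children=3, window=timedelta(minutes=10)):
    """Return (host, parent_image, children) for parents that spawn at least
    min_children distinct child images within one time window: the
    installer-that-keeps-dropping-payloads pattern."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["host"], e["parent"])].append((e["ts"], e["image"]))
    flagged = []
    for (host, parent), children in groups.items():
        children.sort()
        for i, (start, _) in enumerate(children):
            seen = {img for ts, img in children[i:] if ts - start <= window}
            if len(seen) >= min_children:
                flagged.append((host, parent, sorted(seen)))
                break
    return sorted(flagged)


if __name__ == "__main__":
    for host, image in find_unexpected_remote_access(EVENTS, ALLOWED_REMOTE_ACCESS_HOSTS):
        print(f"remote-access tool on non-allowlisted host: {host} {image}")
    for host, parent, kids in find_staging_parents(EVENTS):
        print(f"staging parent on {host}: {parent} spawned {kids}")
```

The two checks are deliberately independent: the staging heuristic catches the installer pattern even when the dropped payloads are renamed, and the allowlist check catches a legitimate remote-desktop host appearing where no administrator would have installed it. Tune `min_children` and `window` against a baseline of real software installers before alerting on them.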

Interestingly, Kaspersky noted that LazyLoad has also been used by Andariel, a subgroup within the infamous North Korean hacking consortium known as the Lazarus Group. This suggests a possible link between Kimsuky and the more widely recognized Lazarus Group.

Lazarus Group, which first emerged in 2009, has built a reputation as one of the most dangerous crypto hacking organizations. Blockchain investigator ZachXBT reported on April 29 that the Lazarus Group had laundered over $200 million in stolen cryptocurrency between 2020 and 2023. In the six years leading up to 2023, the group is accused of stealing over $3 billion in crypto assets.

In 2023 alone, Lazarus was blamed for stealing over 17%—approximately $309 million—of the total funds stolen across the crypto industry. A report by Immunefi on December 28 highlighted that more than $1.8 billion worth of crypto was lost to hacks and exploits throughout the year.

The emergence of Durian malware underscores the evolving and persistent threat posed by North Korean hackers to the global cryptocurrency sector. Companies within this space must remain vigilant and bolster their cybersecurity measures to protect against such sophisticated attacks.