North Korea Running ‘Trojan-infested Fake Crypto Exchange,’ Say Experts

Author
Tim Alper

Tim Alper is a British journalist and features writer who has worked at Cryptonews.com since 2018. He has written for media outlets such as the BBC, the Guardian, and Chosun Ilbo. He has also worked...

Source: Mieszko9/Adobe

A security firm says North Korean hackers created a bogus crypto exchange that infects users’ internet-connected devices with malware, allowing them to access sensitive networks to steal cryptoassets.

The claims were made by the security provider Volexity, and backed by the likes of Malwarebytes.

In a blog post, Volexity claimed that the notorious Lazarus hacking group – thought to be based in Pyongyang – had masterminded the plan. It said Lazarus launched the fake exchange in June this year.

Named BloxHolder, the alleged crypto trading platform promotes its operations thusly:

“Use our trusted crypto trading bots to automate crypto trading strategies on over 20+ exchanges with our privacy focused on-prem trade automation solutions.”

But Volexity claimed that BloxHolder was a clone of the bona fide trading platform HaasOnline. It produced examples of near-identical webpages and word-for-word-identical text from the two sites as evidence.

How Does the Trojan Work?

Volexity claimed that BloxHolder users are prompted to accept a Microsoft installer file that has been modified to contain a variant of the AppleJeus trojan.

Security experts say that AppleJeus, first identified by Kaspersky Lab in 2018, harvests information about the systems it infects. It is able to collect details on computer addresses, computer names, and OS versions. This initial access step later allows hackers to steal cryptoassets.

Cryptonews.com discovered that virus-blocking software such as McAfee, Avast and the South Korean AhnLab all flag the website as “trojan-infested” or “risky.”

Source: Screenshot

Volexity added that it had “identified several other Microsoft Installer files with cryptocurrency themes that are linked to this campaign.”

The report’s authors warned:

“The Lazarus Group continues its effort to target cryptocurrency users, despite ongoing attention to their campaigns and tactics.”

Volexity added that it “has not previously noted the use of Microsoft Office documents to deploy AppleJeus variants,” which may represent a “change” in tactics from Lazarus.

South Korea’s SBS noted that Lazarus allegedly reports to the Pyongyang-run Reconnaissance General Bureau. The bureau is believed to be the North Korean intelligence agency charged with operating the nation’s clandestine operations.

Last month, a leading academic called for Seoul to do more to prevent the North from attacking crypto targets south of the DMZ.
