North Korean Hackers Deploy 'Durian' Malware Targeting South Korean Crypto Firms: Kaspersky Report

May 12, 2024

North Korean hackers, reportedly linked to the state-backed Kimsuky group, have deployed a new malware variant named "Durian" to target South Korean cryptocurrency firms. This malware, discovered by cybersecurity firm Kaspersky, was used in persistent attacks on at least two crypto companies. Durian acts as an installer for a suite of malware, including a backdoor called "AppleSeed" and a custom proxy tool known as LazyLoad. These attacks exploit legitimate security software used exclusively by South Korean crypto firms. Kaspersky also noted a connection between Kimsuky and the Lazarus Group, another North Korean hacking consortium, through the use of LazyLoad, a tool previously employed by Lazarus sub-group Andariel. The Lazarus Group has a notorious history in crypto hacking, with accusations of laundering over $200 million in ill-gotten crypto between 2020 and 2023, and being responsible for over $3 billion in stolen assets in the years leading up to 2023.