TL;DR

• In a ​blog post​ released this week, Elastic Security Labs said that Lazarus reportedly impersonated ​blockchain​ engineers on Discord, and convinced their 'friends' to download a crypto arbitrage bot.

• Turns out, the file had malicious code that connected to a Google Drive account which started downloading sensitive content (like passwords) from the developers' files.

• Seems simpler than it should be right?

Full Story

Ever seen an incredible magic show?

You're asked to pick a card out of a deck without showing the magician, put it back in the deck which is shuffled many times over, only for the top card to be your card?

At first you think: 'Wow, that was impossible. This must be is legit magic.'

Then you find out that it's just a 'trick deck' and every single card in the deck is the same one...

That's kind of how we feel about the 'magic trick' that cybersecurity firm, Elastic Security Labs, just identified as being used by the North Korean cybercrime group Lazarus to carry out multiple hacks on crypto exchanges.

In a ​blog post​ released this week, Elastic Security Labs said that Lazarus reportedly impersonated ​blockchain​ engineers on Discord, and convinced their 'friends' to download a crypto arbitrage bot.

Turns out, the file had malicious code that connected to a Google Drive account which started downloading sensitive content (like passwords) from the developers' files.

Sensitive content → access crypto.

Seems simpler than it should be right?