With the DeFi market gaining popularity, many people are looking for DeFi wallets in order to take part in this industry. A recent investigation by Kaspersky found that a DeFi wallet was developed by a hacker group and had a built-in backdoor to facilitate future attacks on users of that service. According to the security company, those responsible for the wallet are the Lazarus group, one of the most famous hacker groups on the internet.
According to Kaspersky, a suspicious file was submitted to VirusTotal, a malware identification service. The site points out that at first the file appeared to be completely normal, but upon analysis, they found that the DeFi wallet had a lot more “under the hood”.
“At first glance, it looked like a cryptocurrency wallet installer. But our experts analyzed and found that, in addition to the wallet, it delivers malware to the user’s device,” Kaspersky said.
Researchers have found that the file in question contained an infected installer of a legitimate decentralized cryptocurrency wallet. This installer creates two executables, a legitimate cryptocurrency wallet program and malware.
The malware passed itself off as the Google Chrome browser and tried to hide the existence of the infected installer by copying a clean installer in its place, which was executed immediately so that the user would not suspect anything.
After the wallet is successfully installed, the malware continues to run in the background alongside other apps, always staying hidden from the user. Kaspersky warned that the backdoor allowed the malware's operators to:
- Start and end processes;
- Execute commands on the device;
- Download files to the device, delete them, and send files from the device to the C&C server.
“In other words, in the event of a successful attack, the malware can disable the antivirus and steal anything it wants — from valuable documents to bills and money. It can also download other malicious programs to the computer as cybercriminals want.”
With this, the damage could be quite large, especially on computers where people keep bank passwords or files related to their cryptocurrency wallets.
Famous hacker group was behind the scam
Lazarus is a famous hacker group that specializes in direct attacks on different people and entities.
The group even managed to steal money through scams targeting the Central Bank of Bangladesh in 2016. More recently, it was linked to a hack worth millions against Axie Infinity.
The Lazarus group is suspected of being funded by the North Korean government, with the proceeds of the thefts used to help the government circumvent sanctions imposed by other countries.
With this type of funding, Lazarus is considered one of the most dangerous hacker groups on the internet today.