Cyber security researchers at ESET have warned firms of the threat posed by the Lazarus Group's new malware "LightlessCan", saying it is more difficult to detect than its predecessors.
According to the firm, the malware is mostly deployed in employment scams that lure targets into installing a malicious payload disguised as a job task or a document related to the company.
In a blog post published on Sept 29, the firm described how the new malware works, the damage it does to the victim's network, and the different execution chains that lead to cyber espionage.
The Lazarus Group has been linked to several crypto hacks running into millions of dollars, most notably the incident in which over $40 million was drained from the sports betting platform Stake.com.
The group has also been linked to the Bithumb and NiceHash incidents, in which millions were stolen, as well as to attacks on non-crypto targets such as AstraZeneca and Sony and to the WannaCry ransomware outbreak.
The researchers explained that the attackers deliver payloads into the victim's network using a remote access Trojan (RAT), which they describe as a far more sophisticated advancement over previous versions.
“LightlessCan mimics the functionalities of a wide range of native Windows commands, enabling discreet execution within the RAT itself instead of noisy console executions. This strategic shift enhances stealthiness, making detecting and analyzing the attacker’s activities more challenging.”
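To make the detection consequence of that quote concrete, the following is an added example (not code from ESET or from the report) of a lineage-based rule run over constructed Sysmon-style process-creation records. The process names, PIDs, paths and the allowlist of benign console origins are all assumptions for the example. The first sample models a conventional RAT that shells out to discovery commands; the second models a RAT that, like LightlessCan, never spawns them, so the rule has nothing to see.

```python
"""Lineage-based detection of "noisy" console discovery, run over constructed
Sysmon-style process-creation records. Added example; not ESET's code."""
from dataclasses import dataclass

# Discovery utilities a conventional RAT shells out to. ESET says LightlessCan
# emulates this class of command inside its own process instead.
DISCOVERY_BINARIES = {"ipconfig.exe", "net.exe", "net1.exe", "whoami.exe", "tasklist.exe",
                      "systeminfo.exe", "nltest.exe", "netstat.exe", "ping.exe"}
CONSOLE_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# Parents from which an interactive console is expected (assumption for this example).
BENIGN_ORIGINS = {"explorer.exe", "services.exe", "windowsterminal.exe"}


@dataclass(frozen=True)
class ProcEvent:
    """Subset of a Sysmon Event ID 1 record (constructed, not real telemetry)."""
    pid: int
    parent_pid: int
    image: str
    parent_image: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def origin_image(ev: ProcEvent, by_pid: dict) -> str:
    """Walk up through cmd/powershell layers to the process that really started the activity."""
    cur, seen = ev, set()
    while (basename(cur.parent_image) in CONSOLE_HOSTS
           and cur.parent_pid in by_pid and cur.parent_pid not in seen):
        seen.add(cur.parent_pid)
        cur = by_pid[cur.parent_pid]
    return basename(cur.parent_image)


def detect(events: list) -> list:
    """Return (pid, discovery binary, origin) for discovery commands with an unexpected origin."""
    by_pid = {e.pid: e for e in events}
    alerts = []
    for ev in events:
        if basename(ev.image) not in DISCOVERY_BINARIES:
            continue
        origin = origin_image(ev, by_pid)
        if origin not in BENIGN_ORIGINS:
            alerts.append((ev.pid, basename(ev.image), origin))
    return alerts


# Constructed sample 1: a loader dropped via a fake job task shells out for discovery.
NOISY = [
    ProcEvent(4100, 800,  r"C:\Windows\explorer.exe", r"C:\Windows\System32\userinit.exe"),
    ProcEvent(5200, 4100, r"C:\Users\jdoe\AppData\Local\Temp\JobTask.exe", r"C:\Windows\explorer.exe"),
    ProcEvent(5300, 5200, r"C:\Windows\System32\cmd.exe", r"C:\Users\jdoe\AppData\Local\Temp\JobTask.exe"),
    ProcEvent(5400, 5300, r"C:\Windows\System32\ipconfig.exe", r"C:\Windows\System32\cmd.exe"),
    ProcEvent(5500, 5300, r"C:\Windows\System32\net.exe", r"C:\Windows\System32\cmd.exe"),
    # A user's own terminal session: same binaries, benign origin, must not alert.
    ProcEvent(6000, 4100, r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe"),
    ProcEvent(6100, 6000, r"C:\Windows\System32\whoami.exe", r"C:\Windows\System32\cmd.exe"),
]
# Constructed sample 2: the same loader emulating the commands in-process, as LightlessCan does.
QUIET = NOISY[:2] + NOISY[5:]

if __name__ == "__main__":
    print(detect(NOISY))   # [(5400, 'ipconfig.exe', 'jobtask.exe'), (5500, 'net.exe', 'jobtask.exe')]
    print(detect(QUIET))   # []
```

The second result is the point: once the discovery commands are executed inside the RAT, process-creation telemetry alone no longer carries the signal, and detection has to move to what the RAT cannot avoid, such as the loader's own origin in a Temp directory, its network connections and the files it touches.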
LightlessCan also uses execution guardrails, protective mechanisms that guard the payload during its execution, "effectively preventing unauthorized decryption on unintended machines, such as those of security researchers," they added.
Per the report, after initial access was gained through a fake hiring process conducted over social media, the malware used multiple encryption schemes, AES-128 and RC6
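The guardrail quoted above is environmental keying: the decryption key is derived from something only the intended victim machine has, so a sample pulled into a sandbox or an analyst's VM cannot be decrypted. The following is an added example modelling that mechanism; it is not ESET's code and not LightlessCan's implementation. The fingerprint inputs (hostname and username), the blob layout and the use of a SHA-256 counter keystream as a stand-in for the AES-128 the report mentions are all assumptions for the example.

```python
"""Environmental keying ("execution guardrail") modelled for analysis.
Added example; the real malware's key material and cipher are not reproduced here."""
import hashlib
import hmac
import os

PBKDF2_ITERS = 100_000


def machine_fingerprint(hostname: str, username: str) -> bytes:
    """Value the loader can compute on the victim but a sandbox cannot guess (assumed inputs)."""
    return hashlib.sha256(f"{hostname.lower()}|{username.lower()}".encode()).digest()


def derive_key(fingerprint: bytes, salt: bytes) -> bytes:
    # 16-byte key, i.e. AES-128 sized; AES itself is replaced below by a SHA-256 keystream.
    return hashlib.pbkdf2_hmac("sha256", fingerprint, salt, PBKDF2_ITERS, dklen=16)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256 (stand-in for a block cipher in CTR mode)."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(payload: bytes, fingerprint: bytes) -> bytes:
    """Encrypt and authenticate the payload under a key bound to the fingerprint."""
    salt, nonce = os.urandom(16), os.urandom(12)
    key = derive_key(fingerprint, salt)
    ct = bytes(p ^ k for p, k in zip(payload, keystream(key, nonce, len(payload))))
    tag = hmac.new(key, nonce + ct, "sha256").digest()
    return salt + nonce + tag + ct


def unseal(blob: bytes, fingerprint: bytes):
    """Return the payload on the intended machine, None anywhere else."""
    salt, nonce, tag, ct = blob[:16], blob[16:28], blob[28:60], blob[60:]
    key = derive_key(fingerprint, salt)
    expected = hmac.new(key, nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong environment: refuse rather than hand the analyst garbage
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


# Constructed demonstration: the victim workstation decrypts, a sandbox does not.
PAYLOAD = b"constructed stand-in payload, not malware"
VICTIM = machine_fingerprint("WS-FINANCE-07", "jdoe")
SANDBOX = machine_fingerprint("SANDBOX-01", "analyst")

if __name__ == "__main__":
    blob = seal(PAYLOAD, VICTIM)
    print(unseal(blob, VICTIM) == PAYLOAD)   # True
    print(unseal(blob, SANDBOX))              # None
```

The authentication tag is what makes the guardrail "effective" in the sense the quote describes: without it a wrong key would still produce output, and an analyst could brute-force plausible hostnames offline against known plaintext structure. For a defender the practical consequence is that the decrypted payload is only ever observable on the victim host, so memory acquisition on the compromised machine, not a detonation sandbox, is where the unpacked code has to be captured.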
Read more on cryptonews.com