{"id":124966,"date":"2025-03-13T06:16:05","date_gmt":"2025-03-13T06:16:05","guid":{"rendered":"http:\/\/cryptospotters.net\/?p=124966"},"modified":"2025-03-13T06:16:05","modified_gmt":"2025-03-13T06:16:05","slug":"lazarus-group-sends-400-eth-to-tornado-cash-deploys-new-malware","status":"publish","type":"post","link":"http:\/\/cryptospotters.net\/?p=124966","title":{"rendered":"Lazarus Group sends 400 ETH to Tornado Cash, deploys new malware"},"content":{"rendered":"<p>Source: Cointelegraph.com News<br \/>\nNorth Korean-affiliated hacking collective the Lazarus Group has been moving crypto assets using mixers following a string of high-profile hacks.\u00a0<br \/>\nOn March 13, blockchain security firm CertiK alerted its X followers that it had detected a deposit of 400 ETH worth around $750,000 to the Tornado Cash mixing service.\u00a0<br \/>\n\u201cThe fund traces to the Lazarus group\u2019s activity on the Bitcoin network,\u201d it noted.\u00a0<br \/>\nThe North Korean hacking group was responsible for the massive Bybit exchange hack that resulted in the theft of $1.4 billion worth of crypto assets on Feb. 21.\u00a0<br \/>\nIt has also been linked to the $29 million Phemex exchange hack in January and has been laundering assets ever since.\u00a0<br \/>\nLazarus Group crypto asset movements. 
Source: CertiK<br \/>\nLazarus has also been linked to some of the most notorious crypto hacking incidents, including the $600 million Ronin network hack in 2022.<br \/>\nNorth Korean hackers stole over $1.3 billion worth of crypto assets in 47 incidents in 2024, more than doubling thefts in 2023, according to Chainalysis data.<br \/>\nNew Lazarus malware detected<br \/>\nAccording to researchers at cybersecurity firm Socket, Lazarus Group has deployed six new malicious packages to infiltrate developer environments, steal credentials, extract cryptocurrency data and install backdoors.\u00a0<br \/>\nIt has targeted the Node Package Manager (NPM) ecosystem, which is a large collection of JavaScript packages and libraries.<br \/>\nResearchers discovered malware called \u201cBeaverTail\u201d embedded in packages that mimic legitimate libraries using typosquatting tactics, or methods used to deceive developers.\u00a0<br \/>\n\u201cAcross these packages, Lazarus uses names that closely mimic legitimate and widely trusted libraries,\u201d they added.\u00a0<br \/>\nThe malware also targets cryptocurrency wallets, specifically Solana and Exodus wallets, they added.\u00a0<br \/>\nCode snippet showing Solana wallet attacks. 
Source: Socket<br \/>\nThe attack targets files in Google Chrome, Brave and Firefox browsers, as well as keychain data on macOS, specifically targeting developers who might unknowingly install the malicious packages.<br \/>\nThe researchers noted that attributing this attack definitively to Lazarus remains challenging; however, \u201cthe tactics, techniques, and procedures observed in this npm attack closely align with Lazarus\u2019s known operations.\u201d\u00a0<br \/>\n<a href=\"https:\/\/cointelegraph.com\/news\/lazarus-group-deposits-400-eth-into-tornado-cash-new-malware?utm_source=rss_feed&amp;utm_medium=rss&amp;utm_campaign=rss_partner_inbound\" target=\"_blank\" class=\"feedzy-rss-link-icon\" rel=\"noopener\">Read More<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Source: Cointelegraph.com News. North Korean-affiliated hacking collective the Lazarus Group has been moving crypto assets using mixers following a string of high-profile hacks.\u00a0 On March 13, blockchain security firm CertiK alerted&hellip; 
<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/124966"}],"collection":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=124966"}],"version-history":[{"count":0,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/124966\/revisions"}],"wp:attachment":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=124966"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=124966"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=124966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}