The US Computer Emergency Readiness Team (US-CERT) is warning users and admins about newly uncovered malware developed by North Korean hacking group Hidden Cobra, also known as the Lazarus Group.
US-CERT's report on Typeframe identifies 11 pieces of malware, which consist of Windows executable files and a Word document with malicious Visual Basic macros.
"These files have the capability to download and install malware, install proxy and Remote-Access Trojans (RATs), connect to command-and-control servers to receive additional instructions, and modify the victim's firewall to allow incoming connections," US-CERT notes[1] in its latest malware report on the North Korean government's Hidden Cobra campaign.
In May, US-CERT issued an alert[2] about Hidden Cobra's Joanap and Brambul malware, which have been used since 2009 to collect information from companies in the media, aerospace, financial, and critical-infrastructure sectors.
Hidden Cobra is also known as the hacking group Lazarus, which researchers believe was responsible for the WannaCry ransomware outbreak[3], an $80m Bangladesh cyber bank heist[4] via SWIFT, and 2014's Sony Pictures hack[5].
Researchers at McAfee earlier this year spotted[6] a malicious Word document used in phishing campaigns aimed at financial sector organizations in Asia. As with the Typeframe Word document, it encouraged users to 'enable content' to run a malicious Visual Basic macro.
Typeframe is the 12th malware family US-CERT has attributed to the Hidden Cobra group, a set that includes destructive malware and tools for carrying out distributed denial-of-service attacks.
It also includes the malware implant Bankshot RAT, which was identified by US-CERT last December and resurfaced in March in a targeted phishing