According to Cryptopolitan, network security analysts have found that the Lazarus Group, which is associated with North Korea, is using a new fileless remote access trojan (RAT) called RemotePE to attack banks and cryptocurrency companies. The trojan runs entirely in memory, which makes it hard for traditional file-based tools to detect. The attackers use Telegram to impersonate employees of trading companies and carry out social engineering attacks using forged Calendly and Picktime links. The malware is loaded through a three-stage chain of DPAPI Loader, Remote PE Loader, and Remote PE, and it uses process hollowing, anti-analysis checks, and encrypted C2 communication to evade detection.
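The two properties the report highlights, process hollowing and execution purely from memory, both leave marks in endpoint telemetry that a defender can look for. The following is an added example, not code from the report, from Cryptopolitan, or from any vendor tool: it applies two simple heuristics to constructed sample data, an ordered API-call sequence typical of hollowing (create suspended, unmap, write, set thread context, resume) and a scan of a process memory map for executable regions that are not backed by a file on disk. The event format, the process ids, the paths and the `find_hollowing` / `find_unbacked_executable_regions` function names are all assumptions made for the example; a real sensor (Sysmon, ETW, an EDR) supplies its own schema.

```python
"""Heuristic checks for process hollowing and unbacked executable memory.

Added example with constructed telemetry; not code from the RemotePE report.
"""
from collections import defaultdict

# Ordered API calls that, issued by one actor process against one target
# process, form the classic hollowing pattern. Subsequence matching is used,
# so repeated or interleaved calls (e.g. several WriteProcessMemory) are fine.
HOLLOWING_SEQUENCE = [
    "CreateProcess(CREATE_SUSPENDED)",
    "NtUnmapViewOfSection",
    "WriteProcessMemory",
    "SetThreadContext",
    "ResumeThread",
]

# Constructed sample API telemetry: "<timestamp> <actor_pid> <target_pid> <api>"
SAMPLE_EVENTS = """\
1001 4120 5300 CreateProcess(CREATE_SUSPENDED)
1002 4120 5300 NtUnmapViewOfSection
1003 4120 5300 WriteProcessMemory
1004 4120 5300 WriteProcessMemory
1005 4120 5300 SetThreadContext
1006 4120 5300 ResumeThread
1010 7700 7800 CreateProcess(CREATE_SUSPENDED)
1011 7700 7800 ResumeThread
1020 2200 2201 WriteProcessMemory
"""

# Constructed sample memory map: "<pid> <base> <size> <protection> <type> <backing file>"
SAMPLE_REGIONS = """\
5300 0x00400000 0x2000 PAGE_EXECUTE_READ IMAGE C:\\Program Files\\App\\app.exe
5300 0x1a000000 0x40000 PAGE_EXECUTE_READWRITE PRIVATE -
5300 0x7ff000000000 0x1000 PAGE_READWRITE PRIVATE -
5300 0x7ffb10000000 0x8000 PAGE_EXECUTE_READ IMAGE C:\\Windows\\System32\\kernel32.dll
"""


def parse_events(text):
    """Parse telemetry lines into (timestamp, actor_pid, target_pid, api) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, actor, target, api = line.split(maxsplit=3)
        events.append((int(ts), int(actor), int(target), api))
    return events


def find_hollowing(events):
    """Return (actor_pid, target_pid) pairs that completed the full sequence in order."""
    progress = defaultdict(int)  # (actor, target) -> index of next expected call
    alerts = []
    for _ts, actor, target, api in sorted(events):
        key = (actor, target)
        idx = progress[key]
        if idx < len(HOLLOWING_SEQUENCE) and api == HOLLOWING_SEQUENCE[idx]:
            progress[key] = idx + 1
            if progress[key] == len(HOLLOWING_SEQUENCE):
                alerts.append(key)
    return alerts


def find_unbacked_executable_regions(text):
    """Return (pid, base, size) for executable regions with no backing file.

    Private executable memory is what a purely in-memory payload occupies;
    legitimate JIT engines also produce it, so treat hits as leads, not verdicts.
    """
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, base, size, protect, mem_type, _backing = line.split(maxsplit=5)
        if "EXECUTE" in protect and mem_type == "PRIVATE":
            hits.append((int(pid), base, int(size, 16)))
    return hits


if __name__ == "__main__":
    print("hollowing:", find_hollowing(parse_events(SAMPLE_EVENTS)))
    print("unbacked exec regions:", find_unbacked_executable_regions(SAMPLE_REGIONS))
```

Both checks are deliberately strict about order and memory type to keep false positives down; in practice a detection engineer would relax them (some hollowing variants skip `NtUnmapViewOfSection`, and JIT runtimes legitimately create private executable pages) and correlate with the other signals the report describes, such as a suspended child of a messaging or browser process followed by encrypted outbound traffic.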