North Korean advanced persistent threat group Lazarus has emerged with a fresh spear-phishing campaign. The group uses a Trojanized DeFi application containing a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet. When executed, the Trojanized application implants a malicious file. Kaspersky researchers say they have high confidence that the group used malware in the CookieTime cluster, a malware cluster the group has used recently, to target the defense industry using similar malware. The malware is a full-featured backdoor with sufficient capabilities to control the compromised victim.
Source: https://www.cuinfosecurity.com/lazarus-using-trojanized-defi-app-to-deliver-malware-a-18829