Lazarus Group spreads malware by disguising as venture capitalists


  • Kaspersky warns about new malware by the Lazarus linked BlueNoroff group.
  • BlueNoroff’s newest malware can overcome Mark-of-the-Web security measures.
  • Kaspersky reported that such malware attacks on crypto startups might increase in 2023.

According to a report from Kaspersky, BlueNoroff, a group connected with Lazarus Group, has outgrown its criminal activities by appearing to be venture capitalists who want to invest in crypto startups. 

Kaspersky shared how several fraudulent domains appearing as venture capital firms and banks were created by BlueNoroff. 

In the report, Kaspersky mentioned how it found worldwide attacks by BlueNoroff. These  attacks targeted cryptocurrency-based startups this year in January; however, until the fall, there was a pause in the activity. 

To attack companies that are involved in dealing with smart contracts, blockchain, DeFi as well as the FinTech industry, BlueNoroff is using malware. Furthermore, the group is utilizing software to avoid Mark-of-the-Web technology. This technology makes sure that a message from Windows warns users when they try to open a file that they have downloaded from the internet. 

North Korean hackers have benefited big time by stealing cryptocurrency. Cryptocurrency worth $1.2 billion has been stolen since 2017. A number of leading firms like FTX became victims of cyber-attacks this year. 

The group sent job offers on LinkedIn in August for the position of an engineering manager at Coinbase. The following month, both and Coinbase job seekers were targeted by the Lazarus Group in two phishing attacks. 

Among the two, one attack provoked job seekers to download a PDF document to view the available vacancies at After the completion of the download, the PDF installed a Trojan horse and stole financial and personal details. 

A similar case was witnessed in June, when a fake job offer resulted in a $540 crypto hack. The US authorities held the Lazarus group responsible, but the specifications of the exploit’s use were not made public.

Cyber criminals deployed an exploit  in the Binance Smart Chain to escape with cryptocurrency worth $100 million in October. The same month, the Japanese government blamed the North Korean Lazarus Group for crypto hacks.

In November, FTX officials initiated an investigation of potential US $477 M theft concerning unauthorized transactions.This month, $1.2 billion in crypto money was looted by North Korean hackers. Moreover, in the latest attack, Lazarus Group phished NFT investors.