New Lazarus Group Malware Threat Places Crypto On High Alert

The Lazarus Group has been using a new form of malware to infiltrate unsuspecting organisations.

Kim Jon Un with his new camouflage glitching robot.
Created by Kornelija Poderskytė from DailyCoin
  • A cybersecurity firm unveiled the latest malware used by Lazarus Group.
  • The malware enables the hacker group to infiltrate company networks and access information.
  • The firm issued a stark warning to the cryptocurrency industry, advising caution and vigilance.

The cryptocurrency industry has long grappled with the formidable threat of the Lazarus Group, a group of hackers backed by the North Korean government. Since turning their attention to the crypto industry, the group has earned a notorious reputation after orchestrating countless cyber attacks through a variety of tactics, pilfering billions of dollars in funds and assets.

In response to the recurrent attacks, security experts have initiated investigations into the group’s tactics, revealing the latest malware that threatens to further jeopardize the industry.

Unmasking New Hack Tactic

On September 30th, cybersecurity firm ESET exposed the latest addition to the Lazarus Group toolset, an undetectable malware named LightlessCan.


Chief Security Evangelist Tony Anscombe described LightlessCan as a malware designed to seamlessly infiltrate systems and grant unauthorized access to sensitive information. The malware is a successor to the group’s infamous BlindingCan, and contains a 15-step command structure that allows it to mimic native Windows commands like ipconfig, ping, netstant, systeminfo, and more.

ESET first discovered LightlessCan during an investigation of a phishing scam targeted at employees of a Spanish aerospace company. The Lazarus Group masterminded a fake job campaign called ‘Operation DreamJob’, which was presented via the networking platform LinkedIn. 

The campaign allowed the hackers to lure unsuspecting victims through a typical hiring process, including a step that required the target to download a malicious payload that grants access to the company’s network.  


A primary feature of LightlessCan is called ‘execution guardrails’. This security concept ensures that only the intended recipients of the malware can decrypt the payload, preventing any reconstruction attempts by security researchers and experts.

In the wake of the latest discovery, the firm has issued a warning to cryptocurrency establishments, advising utmost caution and the implementation of rigorous protection measures.

Lazarus Group’s Unrelenting Assault

The Lazarus Group’s reign of terror has impacted the cryptocurrency industry for several years, documenting a long list of attacks and asset thefts.

In August, on-chain sleuths linked the group to a string of attacks on major cryptocurrency firms. These hacks included a $8.5 million theft from crypto payment gateway Coinspaid, $35 million on Atomic Wallet, and more than $100 million on Harmony Protocol, totaling the loss of over $290 million.

The hacker group was also identified as the perpetrator of a $41 million heist on online casino and betting platform on September 8th. The heist involved the theft of assets from multiple networks across the ecosystem including Ethereum, Binance Smart Chain, and Polygon. 

A consistent factor across the hacker group’s many illicit endeavors has been the use of crypto mixers, such as Tornado Cash, to obscure the movement and distribution of the stolen funds. 

On the Flipside

  • The discovery highlights that the Lazarus Group is pursuing more than simply financial gains and has goals in espionage.
  • According to industry analysts, more than $2 billion has been lost to the Lazarus group.
  • In September, blockchain security firm SlowMist unveiled the hacker group’s cunning attack method

Why This Matters

As the cryptocurrency industry faces increasing challenges from high-profile attackers like the Lazarus Group, there is a growing need for the development of robust defense mechanisms aimed at bringing cybercriminals to justice.

Read more on one of the group’s major attacks in the cryptocurrency industry:
North Korean Hackers, Lazarus Group, Behind $625 Million Ronin Hack – U.S. Treasury

Check out how Buenos Aires’ government introduced new use blockchain use cases:
Buenos Aires Implements Blockchain-Based ID System 

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Grace Abidemi

Grace Abidemi, a cryptocurrency reporter at DailyCoin, covers industry developments and trends. She previously worked as a freelance writer. With a Bachelor's degree in German Language and certifications in marketing and storytelling, Grace creates engaging content. When not working, she's in Nigeria, mastering cooking and canvas painting, and enjoys learning about different cultures and languages.