Lazarus Group Deploys New ‘Kandykorn’ Malware in Crypto Exchange Attack

The Lazarus Group, a North Korean hacker syndicate, targeted a cryptocurrency exchange using new malware named “Kandykorn”. Blockchain engineers were enticed to download a fraudulent “profitable arbitrage bot”, which was actually a five-stage malware deployment process, leading to the infiltration of the Kandykorn Trojan. The group was linked to numerous crypto hacks throughout 2023, with stolen assets reportedly amounting to nearly $240 million.