BTC Changer

Description

(Group-IB) The threat actor went back to the old habit of stealing crypto using a never-before-seen tool. Lazarus attacked online stores which accept cryptocurrency payments through crypto skimmers: JS-sniffers modified for the purpose of stealing cryptocurrency. Some victims, identified by Sansec, in fact, didn't fall prey to the clientToken= campaign, but to a different, previously undocumented Lazarus campaign, codenamed BTC Changer by Group-IB researchers.

Names

Name
BTC Changer

Category

Malware

Type

  • Info stealer
  • Credential stealer

Information

Other Information

Uuid

1028b7e8-5be6-410b-bab5-1f388ec9ea95

Last Card Change

2021-04-21