BTC Changer
Description
(Group-IB) The threat actor went back to the old habit of stealing crypto using a never-before-seen tool. Lazarus attacked online stores which accept cryptocurrency payments through crypto skimmers: JS-sniffers modified for the purpose of stealing cryptocurrency. Some victims, identified by Sansec, in fact, didn’t fall prey to the clientToken= campaign, but to a different, previously undocumented Lazarus campaign, codenamed BTC Changer by Group-IB researchers.
Names
Name |
---|
BTC Changer |
Category
Malware
Type
- Info stealer
- Credential stealer
Information
Other Information
Uuid
1028b7e8-5be6-410b-bab5-1f388ec9ea95
Last Card Change
2021-04-21