Lazarus used ‘KANDYKORN’ malware in attempt to compromise exchange — Elastic

Lazarus Group used a new form of malware in an attempt to compromise a crypto exchange, according to an October 31 report from Elastic Security Labs. Elastic calls the new malware “KANDYKORN” and the loader program that loads it into memory “SUGARLOADER,” as the loader file has a novel “.sld” extension in its name. Elastic did not name the exchange that was targeted.

Crypto exchanges have suffered a rash of private-key hacks in 2023, most of which have been traced to the North Korean cybercrime enterprise, Lazarus Group.

According to Elastic, the attack began when Lazarus members posed as blockchain engineers and targeted engineers from the unnamed crypto exchange. The attackers made contact on Discord, claiming they had designed a profitable arbitrage bot that could profit from discrepancies between prices of cryptos on different exchanges.

The attackers convinced the engineers to download this “bot.” The files in the program’s ZIP archive had disguised names like “config.py” and “pricetable.py” that made it appear to be an arbitrage bot. Once the engineers ran the program, it executed a “Main.py” file that ran some ordinary programs as well as a malicious file called “Watcher.py.” Watcher.py established a connection to a remote Google Drive account and began downloading content from it into another file named testSpeed.py. The malicious program then ran testSpeed.py a single time before deleting it in order to cover its tracks.

During that single execution of testSpeed.py, the program downloaded more content and eventually executed a file that Elastic calls “SUGARLOADER.” This file was obfuscated using a “binary packer,” Elastic stated, which allowed it to evade most malware-detection programs. Elastic was nonetheless able to examine it by forcing the program to stop after its initialization functions had been called, then snapshotting the process’s virtual memory.
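The two behaviours the report describes are well suited to endpoint telemetry rules: a script that is written to disk, executed once and deleted shortly afterwards, and a file created with the unusual “.sld” extension. The detection sketch below is an added example, not code from Elastic or from the article; it runs over a few constructed JSON-lines events (hypothetical paths, pids and timestamps, chosen to mirror the Watcher.py → testSpeed.py sequence above) and flags both patterns.

```python
"""Detection sketch for the drop-run-delete script pattern and the .sld loader extension.

Constructed sample telemetry (not real logs): one JSON event per line with
fields ts (epoch seconds), event (file_create | process_start | file_delete),
pid, path and, for process_start, the command-line args.
"""
import json
from collections import defaultdict

# Constructed sample events: hypothetical paths, pids and timestamps for illustration.
# Script names Main.py, Watcher.py and testSpeed.py come from the report; stage.sld is invented.
SAMPLE_EVENTS = """
{"ts": 100, "event": "process_start", "pid": 41, "path": "/usr/bin/python3", "args": "Main.py"}
{"ts": 101, "event": "process_start", "pid": 42, "path": "/usr/bin/python3", "args": "Watcher.py"}
{"ts": 105, "event": "file_create", "pid": 42, "path": "/tmp/bot/testSpeed.py"}
{"ts": 106, "event": "process_start", "pid": 43, "path": "/usr/bin/python3", "args": "/tmp/bot/testSpeed.py"}
{"ts": 108, "event": "file_create", "pid": 43, "path": "/tmp/bot/stage.sld"}
{"ts": 110, "event": "file_delete", "pid": 42, "path": "/tmp/bot/testSpeed.py"}
{"ts": 200, "event": "file_create", "pid": 50, "path": "/home/dev/notes.py"}
{"ts": 900, "event": "file_delete", "pid": 50, "path": "/home/dev/notes.py"}
"""

WINDOW_SECONDS = 60                    # create-to-delete window that counts as "ran once, cleaned up"
SCRIPT_SUFFIXES = (".py", ".sh", ".js")


def parse_events(text):
    """Parse JSON-lines telemetry into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def find_run_once_scripts(events, window=WINDOW_SECONDS):
    """Return scripts that were created, executed and deleted within `window` seconds.

    A file counts as executed when its path appears in the args of a later
    process_start event. Files deleted without ever running are not flagged.
    """
    created = {}                        # path -> creation timestamp
    executed = defaultdict(list)        # path -> timestamps of executions
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        path = ev["path"]
        if ev["event"] == "file_create" and path.endswith(SCRIPT_SUFFIXES):
            created[path] = ev["ts"]
        elif ev["event"] == "process_start":
            for tracked in created:
                if tracked in ev.get("args", ""):
                    executed[tracked].append(ev["ts"])
        elif ev["event"] == "file_delete" and path in created:
            t0 = created.pop(path)
            if executed.get(path) and ev["ts"] - t0 <= window:
                hits.append({"path": path, "created": t0, "deleted": ev["ts"],
                             "runs": len(executed[path])})
    return hits


def find_sld_files(events):
    """Return paths of files written with the .sld extension the report associates with the loader."""
    return sorted({ev["path"] for ev in events
                   if ev["event"] == "file_create" and ev["path"].lower().endswith(".sld")})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for hit in find_run_once_scripts(evs):
        print("run-once script:", hit)
    for p in find_sld_files(evs):
        print(".sld file written:", p)
```

On the constructed events the script flags only testSpeed.py (created, run once and deleted within five seconds) and the .sld file; the developer's notes.py, deleted after a long idle period without ever running, is ignored. In a real deployment the execution match should use the resolved process image and full command line rather than a substring test, and the window should be tuned to the environment's normal build and temp-file churn.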
